Ran into a similar situation with our deployment. You cannot use SNATs for the Edge server AV traffic piece. You can use SNATs for the web conf, access and reverse proxy for Skype services. What we ended up with is assigning each edge server 3x different private IPs for the external interface, and using a static NAT to the IP that is used for AV.
1. EXT-Access (with NAT to F5 VIP/SNAT -- pool member)
2. EXT-WebC (with new NAT to new F5 VIP/SNAT-- pool member)
3. EXT-Audio/Video (NAT to IP on edge ext server AV interface)
The first two addresses (EXT-Access + EXT-WebC) we have the F5 fronting the service with a separate VIP/SNAT. The 3rd IP (EXT-Audio/Video) we have a static NAT assigned. The reason for the NAT to the 3rd IP on edge AV is to make the STUN/TURN protocol work. Apparently it will not work if you're using "source address translations"; the clients will not be able to discover each other correctly. What you will see is that clients that end up on the same Edge server are able to function, but when on different edge servers IM will work but no AV. We have this setup in 2x separate DCs. When we decide to add a third/fourth Edge server, we follow the same pattern. Assign 3x different private IPs and one NAT to the new IP that will be used for AV. The other 2x IPs get assigned/configured into the access/webc existing F5 pools as members.
We also use the F5 for the Skype Reverse proxy Service. In our case we have 2x FE servers. The F5 VIP for the Skype Reverse proxy function we have redirecting all HTTP traffic to HTTPS. The F5 HTTPS VIP for Skype reverse proxy has an iRule that will forward traffic to a specific pool based on the HTTP host header. We have 3x pools defined for the FE service. The 1st pool has all the Skype FE servers in it and is used for the names (meet.domain.name, dialin.domain.name, lyncdiscover.domain.name). The second pool only has one member and it is one of the FE servers (ext-FE1.domain.name host header). The third pool has the other FE server (ext-FE2.domain.name host header) as a member.
Firewall rules / F5 VS ports:
1. Access (tcp/443, tcp/5061) (source: external clients to destination of F5 vip for Access)
2. WebC (tcp/443) (source: external clients to destination: F5 vip for WebC)
3. Audio/Video (tcp/443, udp/3478, tcp/50,000-59,999, udp/50,000-59,000) (bi-dir between edge AV interfaces)
4. Reverse proxy (tcp/443, tcp/80) (Source is external client: Destination F5 VIP for Skype RP). F5 has an iRule to redir traffic from 80 to 443, and an iRule to FWD traffic based on HTTP host header to specific pools for FE servers.
Hope this helps.
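
The reverse proxy behaviour described in the post above, sketched as two F5 iRules. This is an added example, not part of the original post and not the poster's configuration: the pool names are hypothetical, and rejecting unlisted host names is an assumption the post does not state.

```tcl
# iRule 1: attach to the tcp/80 virtual server for the Skype reverse proxy.
# Sends every plain-HTTP request to the same host and URI over HTTPS.
when HTTP_REQUEST {
    # Strip any ":port" suffix from the Host header before rebuilding the URL.
    HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}

# iRule 2: attach to the tcp/443 virtual server for the Skype reverse proxy.
# Picks a pool from the HTTP Host header. Pool names are hypothetical.
when HTTP_REQUEST {
    # Normalise: lower-case and drop any ":port" suffix.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "meet.domain.name" -
        "dialin.domain.name" -
        "lyncdiscover.domain.name" {
            # Shared names go to the pool holding all FE servers.
            pool pool_skype_fe_all
        }
        "ext-fe1.domain.name" {
            # Per-server name: single-member pool for the first FE server.
            pool pool_skype_fe1
        }
        "ext-fe2.domain.name" {
            # Per-server name: single-member pool for the second FE server.
            pool pool_skype_fe2
        }
        default {
            # Assumption (not in the post): refuse Host headers that are
            # not on the published list instead of falling through to a
            # default pool, so only the intended names reach the FE servers.
            reject
        }
    }
}
```

An explicit default branch keeps the set of externally reachable host names identical to the list in the iRule, which makes the reverse proxy exposure easy to audit against the published DNS names.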