With 10.x tcpdump, you can also see the virtual server name in the packets. This line shows a SNAT to pool member SYN which was via the http_10.1.0.15_vs virtual server:
14:05:19.472966 IP 10.1.0.11.50954 > 10.1.0.100.http: S 3232923316:3232923316(0) win 4380 out slot1/tmm0 lis=http_10.1.0.15_v
A VS specific SNAT pool is still useful, but figured I'd throw this out there too.
Was referring more to firewalls, Netflow, etc...boxes that only care about IP/Port. Still, very cool reminder. I noticed that once and didn't think anything of it. Didn't even consider the application at the time.
This is an old question, but I didn't see one point mentioned.
If you use Automap, then it will use a Self-IP address. This address will be visible to clients, and will be pingable. Maybe you'd rather make your Self-IP addresses less exposed by having the virtual server use addresses from a special SNAT pool.