Traffic Routing with out a Snat ?

So on my server network (internal, although all public ips)

 

 

I have:

 

vLan - Internal-v100

 

1.1.1.1 core-router-vip

 

1.1.1.2 core-router-1

 

1.1.1.3 core-router-2

 

1.1.1.4 lb-1

 

1.1.1.5 lb-2

 

1.1.1.6 lb-float-ip

 

1.1.1.7 www1

 

1.1.1.8 www2

 

 

vLan - External-v200

 

2.2.2.1 core-router-vip

 

2.2.2.2 core-router-1

 

2.2.2.3 core-router-2

 

2.2.2.4 lb-1

 

2.2.2.5 lb-2

 

2.2.2.6 lb-float-ip

 

2.2.2.7 www-vip:80

 

 

 

www1's defautl route/gateway = 1.1.1.6

 

www2's defautl route/gateway = 1.1.1.6

 

 

Traffic from the outside vip that goes to www1 and www2 works perfect, I can see the ip, traffic flows through the LB as it should.

 

 

I have (for www1 only so I can ssh to it)

 

virtual fw-virt-server {

 

destination 1.1.1.6:any

 

ip forward

 

translate address disable

 

vlans external enable

 

}

 

 

Traffic from the outside sees the route for www1/www2 as

 

 

Edge Router -> core router -> Vlan Interface 1.1.1.1 -> Destination

 

^Is that correct or should I remove that vlan interface and replace it with something else?

 

 

The problem is ssh to my host of www1 still is not working. I am dumbfounded... I am about ready to throw in the towel and just do a snat... Anyone see something glaringly obvious?