I am trying to implement ip sla to monitor a CSS VIP in Site A. If that VIP goes down I would like the traffic to go to another route. I also tag that traffic with precedence. During the failure the tagged traffic should have the destination IP NAT'd to a private IP for our Disaster Recovery CSS setup. The main issue I have is that the icmpEcho are getting NAT'd even though I built a route map and NAT command that should only NAT tagged traffic. I do not see hits on my route map, but when I debug nat I see the icmpEcho getting NAT'd. This issue causes a ping to come in correctly for IP SLA and then the traffic starts to flap. I tried to block icmpecho from the failover router, but then my weighed route never leaves the initial router and hence never returns the traffic back to the production site when it comes back up. Please let me know if you have seen the icmpecho get NAT'd and how you got around that issue.