I want to create a test lab. For that I will bring up two ESXi hosts and clone important machines (like our DC) onto them. I want the network configuration of my test lab to be exactly the same as my production network.
The production network (192.168.1.0/24) and the test network (192.168.1.0/24) will be separated by an SSG140, where the production network is my untrusted zone and the test network my trusted zone.
SSG140 eth3: production network (192.168.1.160/32) - untrusted zone
SSG140 eth4: test network (192.168.1.254/32) - trusted zone
Inside the production network is an NFS server (192.168.1.100/32) that I want to access from inside the test network. The IP for accessing this NFS server from inside the test network should be the same as its IP inside the production network (192.168.1.100/32).
To realize this scenario, I think the SSG140 should bind a second IP address (192.168.1.100/32) on its eth4 (test network) interface. All packets that reach this virtual IP address on eth4 should be routed to eth3 (production network) and sent to the NFS server so that every host inside the trusted network can reach the NFS server at 192.168.1.100/32 inside the production zone through the firewall.
I have no clue how to start, as the SSG140 is new to me. Thx!