VMWare ESXi networking question

[SpuffMonkey]

Going a bit cross eyed from reading manuals - so hopefully someone can short cut through my stupidity...

What I want to do - set up a 2008/W7 test bed on an old server under ESXi
What I'm worried about - presumably I need this test bed to be completely seperate from the existing network to avoid any problems with DHCP or DNS etc etc....but...I would like to get internet access through our broadband.

Any ideas on setting this up would be handy - I imagine VLANs might be needed - but at present I can't change what we have set up.

[teejay]

Create two virtual switches, one called something like external and one called internal. On the external one you assign one of the physical nics, then build a vm using the firewall product of your choice, connecting the red side to external, green to internal and to use an upstream proxy/gateway pointing to your internet connection firewall.
You then build you test machines connecting to the internal network and pointing to the firewall for their gateway/proxy.
Edit: just to clarify, don't assign any physical nics to the internal switch.

[SpuffMonkey]

Thanks teejay - I'll try & get my head round that...

[teejay]

A picture may help:

[SpuffMonkey]

Cheers muchly

[chrisbrown]

The other option is to send a trunk down to the vSwitch and then use VLANing as you proposed. This would also work, and will not require you to have an extra firewall device running.

[teejay]

The other option is to send a trunk down to the vSwitch and then use VLANing as you proposed. This would also work, and will not require you to have an extra firewall device running.

Ok, at some point you've got to connect to the internet, how do you propose to do that? Only way I can think of is to stick an extra nic in the internet firewall and run the test network in a DMZ.

Edit: you don't need a resource hog Firewall like Forefront TMG to do what I suggested, we use IPCop for this, uses hardly any memory or processor power.

[chrisbrown]

Ok, at some point you've got to connect to the internet, how do you propose to do that? Only way I can think of is to stick an extra nic in the internet firewall and run the test network in a DMZ.

Edit: you don't need a resource hog Firewall like Forefront TMG to do what I suggested, we use IPCop for this, uses hardly any memory or processor power.

I'm afraid I don't understand. You create a new VLAN that goes as far as your core routing devices
VLAN 222, IP range 17.24.20.0/24. Have a route on your router that has a default route out of your network for that VLAN, but will not allow routing between the networks. Simple stuff, really. You don't need a firewall to segregate two LAN segments.