NAT, 1:1 NAT with multi LAN interfaces (the same IP address/subnet on each LAN)

    Hi.
    I have a server with Hyper-V on which there are several machine groups (let's call these vApp groups), 4-10 virtual machines in each. Most of these virtual machines use the same network segment (192.168.100.0/24), so each group of machines (vApp) has its own virtual private switch (not connected to the physical network adapter).

    Unfortunately, there is a need to access these machines from my corporate network (RDP, SSH), and sometimes I also need to connect machines from an individual vApp to the Internet. So I decided to add one virtual machine with pfSense with two LAN interfaces for each vApp. One interface (WAN) of each pfSense is connected to an external switch (connected to a physical network adapter and the corporate network, IP from 172.16.0.0/16); the second interface is connected to the appropriate virtual switch in the vApp (usually IP 192.168.0.1/24). I set NAT, 1:1 NAT and firewall for the machines inside the vApp. It works fine, but I have 30 machines with pfSense to configure and manage, and it takes up quite a lot of Hyper-V server resources (0.5 GB RAM, 2 GB disk, 2 virtual cores per pfSense virtual machine).

    Of course, I came to the idea of replacing this configuration with one powerful virtual machine connected to the corporate network with multiple LAN interfaces, each connected to a separate virtual switch in a vApp (or one LAN interface connected to one virtual private switch, with multiple VLAN interfaces created on it; I can assign a group of VMs in the same vApp an individual VLAN tag on their virtual interfaces). The problem is that pfSense would have multiple LAN interfaces or VLANs with the same IP address (192.168.0.1/24). NAT and firewall probably would not work in such a configuration.

    Does anyone have an idea for configuring pfSense with multiple LAN interfaces having the same IP address and the same subnet?
    I need something working like the diagrams below:

    or this:
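A small model of the per-interface 1:1 NAT described in the post, added here as an illustration and not pfSense's own code or configuration: it keys every mapping on the LAN interface, so the same 192.168.0.x address behind two interfaces translates to two distinct external addresses, and inbound traffic is sent back through the interface recorded in the mapping rather than by a routing lookup on the ambiguous subnet. The interface names hn0/hn1/hn2, the external pool 172.16.200.0/22 and the sample packets are assumptions.

```python
# Constructed model of per-interface 1:1 NAT for LAN segments that reuse one
# private subnet (not pfSense code; interface names, pool and packets are assumed).
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    iface: str  # interface the packet arrived on / leaves through

class OneToOneNAT:
    # mappings are keyed on the LAN interface, not on the (shared) inner subnet
    def __init__(self, wan_iface, pool):
        self.wan = wan_iface
        self.pool = ipaddress.ip_network(pool).subnets(new_prefix=24)
        self.by_iface = {}  # lan iface -> (inner_net, ext_net)
        self.by_ext = {}    # ext_net   -> (lan iface, inner_net)
    def add_lan(self, lan_iface, inner):
        inner_net = ipaddress.ip_network(inner)
        ext_net = next(self.pool)  # StopIteration once the external pool is used up
        self.by_iface[lan_iface] = (inner_net, ext_net)
        self.by_ext[ext_net] = (lan_iface, inner_net)
        return ext_net
    @staticmethod
    def _shift(addr, from_net, to_net):
        offset = int(addr) - int(from_net.network_address)
        return str(ipaddress.ip_address(int(to_net.network_address) + offset))
    def outbound(self, pkt):
        inner_net, ext_net = self.by_iface[pkt.iface]  # ingress interface decides
        src = ipaddress.ip_address(pkt.src)
        if src not in inner_net:
            raise ValueError("source is not in this interface's subnet")
        return Packet(self._shift(src, inner_net, ext_net), pkt.dst, self.wan)
    def inbound(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        for ext_net, (lan_iface, inner_net) in self.by_ext.items():
            if dst in ext_net:
                # egress interface comes from the mapping; a plain route lookup on
                # 192.168.0.x could not tell the two LAN interfaces apart
                return Packet(pkt.src, self._shift(dst, ext_net, inner_net), lan_iface)
        raise ValueError("no 1:1 mapping for destination")

def demo():
    nat = OneToOneNAT("hn0", "172.16.200.0/22")
    nat.add_lan("hn1", "192.168.0.0/24")  # vApp A
    nat.add_lan("hn2", "192.168.0.0/24")  # vApp B, same subnet as A
    out_a = nat.outbound(Packet("192.168.0.5", "172.16.0.9", "hn1"))
    out_b = nat.outbound(Packet("192.168.0.5", "172.16.0.9", "hn2"))
    back_b = nat.inbound(Packet("172.16.0.9", out_b.src, "hn0"))
    return out_a, out_b, back_b
```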