NAT configuration for cloned virtualized labs
I'm currently evaluating the possibilities of cloning our dev lab environment.
I need to keep network configuration and ips static between the clones. There needs to be a way of getting into every lab that is cloned, as well as the possibility of making connection between these labs (but not crucial).
Let's say that we have some management network on 18.104.22.168/24 and each cloned lab has 22.214.171.124/24 network. I was thinking of 1:1 NAT configuration that translates 126.96.36.199/24 -> 1.0.x.1/24 (ie: 1st lab: 188.8.131.52/24 -> 184.108.40.206/24, 2nd 220.127.116.11/24 -> 18.104.22.168/24,…).
I was hoping that this can be made with single pfSense (either with one labLAN interface and vLans (v2 on picture), or with three labLAN interfaces (v1 on picture)), but I can not make it work.
The first NAT (22.214.171.124/24) works fine, but I cannot access any other. It seems that pfSense can not hold the connection state on interfaces with same network on the interface name basis (I mean that all lab-interfaces on pfSense have 126.96.36.199/24 IP, as gateway for the lab-network).
I tried NATing on labLANs (em2, em3, em4;one 1:1 NAT for each of lab-env's) interfaces, and on management (em1, one 1:1 NAT for each of lab-env's) interface.
In the end I know that the configuration with separate NAT-acting pfSense instance between the each of lab-env will work (v3 on the picture). This is the configuration that I would like not to use until there is no other way.
Do You see any way to make this config work with one pfSense?
I'm attaching pictures of network topologies.