Hi,
Maybe someone can answer this question.
I have a Server 2008 R2 server in a domain with 2 NICs: NIC1: 10.0.10.15 (attached to an internal switch) and NIC2: 62.XX.XX.186 (attached to the ISP external switch at the data center). I configured Hyper-V on this server with 4 VM servers. Each of these VM servers also has 2 NICs in the same IP ranges as the host, i.e. Server1 has 2 NICs, NIC1: 10.0.10.20 and NIC2: 62.XX.XX.162. NIC1 of all the virtual servers and the host server has no default address. At this time customers access these VM servers with their external IP addresses, i.e. to access Server1 they use 62.XX.XX.162. All of the VMs also use the first NIC (10.0.10.0) only to access each other.
Now this is what I want to do:
I installed TMG 2010 SP2 on a different physical server that has 2 NICs, and I want to use this TMG to protect the VM servers, but because this network is a production network I have to put the VM servers behind this TMG one by one, so this is my plan:
I am going to add this new TMG server to the domain, then give NIC1 10.0.10.1 and NIC2 62.XX.XX.180. Then I am going to connect the NIC 10.0.10.1 to the same internal switch as the host server of the VM servers, and connect NIC2 62.XX.XX.180 to the same external switch as the external NIC of the host of the VMs. But what I want to know is: when we connect this TMG to the network, could the host of the VMs (and eventually the VMs) still access the internet? Personally I think so, because NIC1 of the VM servers has no default gateway, so they will not use the TMG as their gateway until I use the 10.0.10.1 of the TMG for their default gateway.
Also, I think the customers can still access their VM servers from the internet because they are using NIC2 of each VM (62.XX.XX.XX) to access them.
Then I put each of the VM servers one by one behind this TMG by giving them 10.0.10.1 as their default gateway, then disable their NIC2 and use its IP, i.e. 62.XX.XX.162, as a second IP for the TMG external NIC, and then create the necessary rules to allow applications and customers from outside to access them.
Would this work?
Thanks
Shahin