ESXi network setup for isolated internal virtual machines

  1. ESXi 5.1 and vSphere are synonymous. They are the same thing. I prefer to call it vSphere since that's what VMware calls it.

  2. Create a new vSwitch for the internal VMs. Do not bind this vSwitch to a physical NIC.

  3. Connect the internal VMs to this internal vSwitch.

  4. Add a new vNIC to each external VM and connect it to the "internal" vSwitch.

  5. Configure the internal vNIC appropriately on each VM so that they're all on the same internal subnet (whatever RFC1918 address range you choose to use).

Now each external VM is multihomed and will have a connection to both the external and the internal network, and should be able to communicate on the internet as well as with the internal VMs.

Of course, this is just one of the possible ways to do this.


Associating a port group with a vSwitch does not necessarily give it upstream network access. The upstream device has to have a corresponding interface with a like-configured IP/subnet for those devices to talk to.

Create an "internal only" port group. Give each virtual machine needing access to the uplink network and the internal network a second NIC that faces internal.

How it would look:

Router: 192.168.0.1/24
ESXi Host: 192.168.0.2/24

Public Server 1:
    NIC1: Assign to existing "VM Network" port group. IP 192.168.0.11/24, Default Gateway 192.168.0.1
    NIC2: Assign to "Internal Only" port group. IP 172.16.0.11/24, No Default Gateway

Public Server 2:
    NIC1: Assign to existing "VM Network" port group. IP 192.168.0.12/24, Default Gateway 192.168.0.1
    NIC2: Assign to "Internal Only" port group. IP 172.16.0.12/24, No Default Gateway

Public Server 3:
    NIC1: Assign to existing "VM Network" port group. IP 192.168.0.13/24, Default Gateway 192.168.0.1
    NIC2: Assign to "Internal Only" port group. IP 172.16.0.13/24, No Default Gateway

Internal Only Server 1:
    NIC1: Assign to "Internal Only" port group. IP 172.16.0.21/24, No Default Gateway

Internal Only Server 2:
    NIC1: Assign to "Internal Only" port group. IP 172.16.0.22/24, No Default Gateway

Internal Only Server 3:
    NIC1: Assign to "Internal Only" port group. IP 172.16.0.23/24, No Default Gateway
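A configuration check for the design both answers describe, added here as an example and not taken from either answer: it models the port groups and NIC assignments listed above as plain Python data and flags the conditions that would break the isolation (a physical uplink on the internal vSwitch, an internal NIC carrying a default gateway, or an internal address appearing on the uplinked port group). The vSwitch names and vmnic names are assumptions; the port-group names, addresses and gateways are the ones in the answer.

```python
import copy
import ipaddress

# Constructed model of the answer's layout (added example, not the answer's own tooling).
# vSwitch and vmnic names are assumptions; port groups, IPs and gateways are as listed.
VSWITCHES = {
    "vSwitch0": {"uplinks": ["vmnic0"], "portgroups": ["VM Network"]},
    "vSwitchInternal": {"uplinks": [], "portgroups": ["Internal Only"]},
}
INTERNAL_NET = ipaddress.ip_network("172.16.0.0/24")

def _public(n):  # NIC1 on "VM Network" with a gateway, NIC2 internal with none
    return [("VM Network", f"192.168.0.{n}/24", "192.168.0.1"),
            ("Internal Only", f"172.16.0.{n}/24", None)]

VMS = {f"Public Server {i}": _public(10 + i) for i in (1, 2, 3)}
VMS.update({f"Internal Only Server {i}": [("Internal Only", f"172.16.0.{20 + i}/24", None)]
            for i in (1, 2, 3)})

def check_isolation(vswitches, vms, internal_pg="Internal Only", net=INTERNAL_NET):
    """Return a list of findings; an empty list means the design's invariants hold."""
    findings = []
    owner = {pg: vs for vs, cfg in vswitches.items() for pg in cfg["portgroups"]}
    vs = owner.get(internal_pg)
    # 1. The vSwitch carrying the internal port group must have no physical uplink.
    if vs is None:
        findings.append(f"port group {internal_pg!r} exists on no vSwitch")
    elif vswitches[vs]["uplinks"]:
        findings.append(f"{vs} carries {internal_pg!r} but has uplinks {vswitches[vs]['uplinks']}")
    for vm, nics in vms.items():
        for pg, cidr, gw in nics:
            iface = ipaddress.ip_interface(cidr)
            if pg == internal_pg:
                # 2. Internal NICs sit in the internal subnet and carry no default gateway.
                if iface.network != net:
                    findings.append(f"{vm}: {cidr} on {internal_pg!r} is outside {net}")
                if gw is not None:
                    findings.append(f"{vm}: internal NIC has default gateway {gw}")
            elif iface.ip in net:
                # 3. The internal subnet must never appear on an uplinked port group.
                findings.append(f"{vm}: internal address {iface.ip} on uplinked port group {pg!r}")
    return findings

def uplinked_internal_switch():
    """Misconfiguration demo: vmnic1 bound to the internal vSwitch breaks the isolation."""
    bad = copy.deepcopy(VSWITCHES)
    bad["vSwitchInternal"]["uplinks"].append("vmnic1")
    return check_isolation(bad, VMS)
```

Running `check_isolation(VSWITCHES, VMS)` on the layout above returns no findings, while `uplinked_internal_switch()` reports the added uplink; the same checks can be fed from exported host and VM inventory instead of the inline model.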