Use the real router-firewall config as shown. Setting it up on ESXi might be fun, but in the long run you'll be happier with a stable network environment underneath the VMs. Keeping the functions separate will make it much simpler to maintain - problems with your ESXi won't impact the network configs, the functions upgrade independently, etc.
Last thing you want is to end up needing to upgrade something on the server, discover its dependent on ESXi release foo, but your firewall software faults when running foo as the hypervisor.
All this is even more important since you will be in the valley and all your equipment will be living the high-life in Vegas Baby! You really want to ensure your remote access is rock solid and independent of the rest of the equipment in the colo.