Is it possible to map a vip to a vs?

Hi,

I have multiple virtual servers configured, their `Virtual server IP` is in a dedicated class A subnet just for this. The VS are then reachable through the SSL-VPN.
I now need to make some of those VS reachable from the internet. I'd like if possible to keep the private IP address for the virtual server, and to just dNAT the public IP address to the VS ip address. (so I can keep a public enpoint and a private endpoint, with dns records for each of them)
Although, my tests didn't suceed.

At the moment I have the not-working following configuration:

config firewall vip     edit "vip"         set uuid aaa         set extip 192.0.2.4         set mappedip "10.0.0.1"         set extintf "port1"         set portforward enable         set extport 443         set mappedport 443     next end

config firewall vip     edit "vs"         set uuid bbb         set type server-load-balance         set server-type tcp         set extip 10.0.0.1         set extintf "any"         set monitor "hc-zzz" "ping"         set extport 443         config realservers             edit 1                 set ip 172.16.0.1                 set port zzz                 set max-connections 1000             next             edit 2                 set ip 172.16.0.2                 set port zzz                 set status standby                 set max-connections 1000             next             edit 3                 set ip 172.16.0.3                 set port zzz                 set status standby                 set max-connections 1000             next         end     next end

config firewall policy     edit 93         set uuid ccc         set srcintf "port1"         set dstintf "port2"         set action accept         set srcaddr "all"         set dstaddr "vip"         set schedule "always"         set service "HTTPS"         set logtraffic all     next end

Is it possible to chain a vip and a vs? If so, do you know what I'm doing wrong?
Thanks!