Thanks - if I use promiscuous mode on a standard switch:

-How can I prevent Vms on that switch that I don't want to mirror to from seeing the mirrored traffic?

-How can I send that traffic to a collector with a destination IP outside my subnet that requires going over a router?

-How can I prevent Vms on that switch that I don't want to mirror to from seeing the mirrored traffic?

All VMs on the same port group will see this traffic, but remember that if you don't have a sniffer listening on promiscuous mode on the Guest OS, the traffic not destined to the VMAs will be ignored.

-How can I send that traffic to a collector with a destination IP outside my subnet that requires going over a router?

Unless I'm missing something, you can't since the router will forward only the traffic directly destined to the remote IP.

We tried the promiscuous mode option and that port group then sees all the traffic from the other port groups in the vSwitch.

VMware KB: How promiscuous mode works at the virtual switch and portgroup levels

Luckily we have some spare NICs we can light up so we're creating a new vSwitch and portgroup for the VM we need to monitor and the receiver NIC.