I have a vendor who needs to run his pharmacy robot network in a private IP space. The server in this network is a Windows 2003 server with 10 Windows XP Pro clients. Our network is a large AD2K forrest but is behind a firewall. All servers are Windows 2003 and all clients are Windows XP Pro with personal firewall activated and centrally managed.
Here's the question. To separate the robot network from our network but allow bidirection traffic between it and one server sitting on our network require just one VPN appliance that would essentially do a NAT or two VPN appliances - one sitting at our server and one sitting on the edge of the robotic network?
What is the best solution for network isolation but allowing the one server to talk to the robotic network?