m0n0wall Forum - Howdo I set up a LAN within a LAN?

Hi folks.

I've been scratching my head with this the last few days, so hopefully you guys can help me out.

A bit about the setup:

Within our company my team needs to run our test lab LAN isolated from the greater corporate LAN - this is so we can run services like our own Active Directory, DHCP, etc without screwing up the company LAN (doing so is a firing offence). So in this case the "WAN" side of m0n0 would be our corporate LAN, that is in turn connected to the Internet.

On the "WAN" side we need to assign a static IP (hostname registered in our corporate DNS with its own .com domain) and accept incoming (Windows) VPN connections (so we can access the lab from our desks). The company LAN also *requires* use of the corporate WWW proxy for web access.

Inside our lab we have our own (Windows) Active Directory, primary DNS, VPN and DHCP server on a .local domain. M0n0 would also have an internal (192.168.x.x) static IP, hostname and .local domain name within the LAN.

So, questions:

Within our lab LAN can m0n0 act as the secondary DNS to the Windows primary DNS and/or forward DNS requests to the corporate DNS for any non-".local" hosts?

How do I get m0n0 to use the upstream web-proxy so that the lab LAN can get see the web? Or do I need to set the lab clients to use the corporate proxy and m0n0 will just route web access to the proxy through the firewall?

Would it be better to pass VPN requests through m0n0 to the Windows box or have m0n0 do the job?

Clear as mud eh? ;-)

Many thanks,
Richard.