As'salam Alikoum
Dear Brother
if you have DHCP installed in your network you can simply configure what's called DHCP Class ID , it will prevent unauthorized Access To your network , but make sure your DHCP Server is Configured probably and try to limit your Scope to the number of computers you have ,Assign Static IP For your Servers and for your users USE RESERVATION
another solution is to install RRAS and configure Nat and VPN on that Server so only users who have either a Digital Certificate or a Pre-Shared Key issued By your CA will gain access to your server via VPN and once they authenticated they will gain access to your Resources and the internet using Nat
and i guess you can achieve the same goal using ISA Server but keep in mind to create a Network Rule that NAT the Traffic Between your Different Subnets
i apologize for writing in English but my PC in Work is not Arabic Enabled , i was just trying to help
Good Luck
your Brother StrangerInMoscow
Asalam Alikoum
المفضلات