I think having the firewall handle the dhcp addresses is going to be 1 solution. The reason it is not is b/c we set up a new business (a) in a leased office space sharing a wall with another business (b). We worked an arrangement to split the T1 cost with them. I wanted to do as little changing as possible to (b)'s current network setup which was having their netgear wifi router plugged directly into the T1 router.
When we moved in I put a firewall/vpn netgear product into the mix and had the T1 router go into its wan port instead of (b)'s router. I then plugged (b)'s router lan to lan into the firewall as well as (a)'s wifi router. That seemed to work ok. (a) and (b)'s routers are set as static ip's of .0.10 and .0.20. (a)'s router hands out dhcp's of .50-.100 and (b)'s router hands out .101 - .253. At this point everything seemed to work well. All the hardwired clients to (a) and (b) were getting proper IP's if not static already and they could get to internet. I could connect to (a)'s router via wifi and wpa/psk encryption and surf the web. The gateways on both of these routers are set to point to .0.1 which is the vpn/firewall going to the T1.
All goes downhill with the 3rd router. Originally I set it up in our mgr's office connected to (a)'s router. It needed to be on a different IP scheme though so wifi users could not ping around and find the POS systems and manager computer. In the end I ran a cable and ultimately connected wan to lan on the vpn/firewall. The lan ip setup was 192.168.10.200, subnet of 255..0 and dhcp handing out addresses between .10.2 - .10.199. Its internal ip is set up to be 192.168.0.200, subnet of 255.255.255.0, and gateway of 192.168.0.1. I can't explain the windows, but b/c it's a netgear wgr614 wifi router it lets you give it a lan ip setup scheme different than the basic setup scheme. I was told by techies that this is so you can put your dhcp clients on a different ip scheme than other pc's on the same network.
At this point we couldn't connect to (a)'s router via wpa/psk. We could connect to the 3rd router's ssid but we would usually get an ip from (a)'s router but not internet connect (although the hardwired pc's got internet) or we would get an ip in (b)'s range and the internet would work. If we actually got a .10.x ip we would also not get internet.
That's why I'm wondering if I need to be going from the firewall's lan port to all routers' wan port in order to keep the dhcp crosstalk down. When I brought router 3 to our main office and hooked it up to our switches, lan to lan, I had same results. Got an ip from the dhcp on our server and not the router + internet worked. As soon as I moved the cable from lan to wan on the router my laptop dropped the signal, picked it back up, gave me a .10.x ip address and internet worked. I had the gateway of the router point to our firewall/gateway which is connected to our switches.
Thanks for the suggestion and reply.