pc technician who's boss won't explain things to him ..
21 years 1 month ago #1279
by Raggedy_Hobo
Replied by Raggedy_Hobo on topic Re: pc technician who's boss won't explain things to him ..
OK, I think it's safe to say, disregard all previous posts now .. well, to some extent anyways .. LOL
NIC 1 is connected to the public IP list as prescribed by our provider (obviously it's working, I'm on the Internet) .. so, I know this connection works
NIC 2 is connected to the switches that connect to the clients. I know this one is working to some extent because over 15 IPs have been given out to the WET 11s I had installed/configured last week (they are running DHCP, auto obtain IP)
NIC 2 =
  IP address = 20.20.20.1
  Sub mask   = 255.255.255.0
  Gateway    = 10.168.161.114 (the IP addy of NIC 1) ..
  DNS        = 10.127.17.71 (primary DNS supplied by our provider)
             = 10.127.16.68 (secondary supplied by provider)
  WINS       = 10.168.161.114 (NS1 IP)
             = 10.168.161.120 (NS2 IP)
from this server, i can ping:
20.20.20.1 (ip of NIC2) and that's it ..
i go to the client test computer i have set up behind me which is configured properly and has obtained an IP address from NIC2 of 20.20.20.15
i can ping to the wet 11, access point, NIC2 .. but no further ..
so, i know something is misconfigured inside the server because i'm unable to "bridge" the gap between NIC 1 and NIC 2 so that the client computers can access the internet ..
i'm going to go re-read the subnetting and communications page again on the 3rd diagram and look at the IP's .. what i'm wondering though .. do i need to use DNS/WINS or will they cause a conflict with NAT?
i'm trying to use a DHCP pool that will use NAT overload and assign themselves to a single public IP .. but, i've misconfigured something ..
NIC 1 to internet i have
NIC 2 to clients using DHCP i have
can't get NIC 1 to let traffic from NIC 2 through .. i'm SO SO SO CLOSE! i can feel it
In the beginning ...
I wonder, where will this road lead me
I configured and got running my first "real" network ever on October 22, 2003 at 5am THANKS to the wonderful people of www.firewall.cx/index.php
21 years 1 month ago #1281
by tfs
Replied by tfs on topic Re: pc technician who's boss won't explain things to him ..
Slow down. :roll:
Need to figure out what you have and how many workstations and servers we are dealing with - at the moment.
You need to look at your whole setup and see what your needs are. Forget about NAT, DNS, DHCP etc for the moment.
Why do you need to subnet? If you have only 10 - 50 workstations, you probably don't, unless you are going to have a lot of traffic. Does everyone need to access the same resources? What type of clients are you talking about that are coming over the AP (Access Point)? Are they individuals or separate companies that access your system?
You need to get a handle on NAT, before you start trying to deal with DHCP, DNS and WINS. Those are whole subjects in themselves.
Let's start with your network to the outside. You apparently have 14 outside addresses (even though they are private to your ISP). You really only need 1. You should only need to use NAT Overload. Obviously, you are not going to use Static (as I assume you have more than 14 accesses to the outside). Dynamic is probably going to be a little more complicated than necessary. Overload is what most people do, as it is simple to set up and handles most people's needs.
What you have (now that you understand NAT fully), is 2 sides of a router (or server acting as a router). I am going to assume the NAT is going to access the internet on one side (you can have NAT inside your local network and never go to the internet, if you want to - that is what "private interface connected to private network" is for).
One side is your WAN (Wide Area Network - Internet). The other side is your LAN ( Local Area Network).
If you put a router right after the ISP's router, the interface (NIC) that is connected directly to that router (the ISP's) will be your connection to the Internet. That address would be one of the 14 addresses (and the only one you will use). Now I assume from your diagram, the address of the ISP's router is 10.168.161.113. The host address is 1 (1110 0001 where the 1st nibble is 1110 and the network address and the 2nd nibble is the host 0001).
Normally, at least this is what I have seen, the first router will be 1, the 2nd (perhaps a firewall) will be 2, etc. Therefore, we will use 2 for the 2nd router (your router) and that will be 114 (or 10.168.161.114 - where 114 is 1110 0010).
Now you are connected to the internet by your router. Now you need to connect your private network. I noticed a couple of addresses you were using 10.x.x.x and 20.x.x.x. Not sure what the 20.x.x.x is, but this is a Public address. The private addresses you are allowed are as follows:
10.0.0.0/8 which is the subnet mask 255.0.0.0
172.16.0.0/12 which is the subnet mask 255.240.0.0
192.168.0.0/16 which is the subnet mask 255.255.0.0
This allows you any subnetting scheme you might need.
If we use 192.168.100.0/24, that gives us 254 addresses on this subnet. We could then use 192.168.101.0/24 as another subnet with another 254 addresses, etc.
Let's use the first one (192.168.100.0/24) and set the other side of our router to 192.168.100.1. Now anyone on the same wire with address 192.168.100.2 - 192.168.100.254 with a gateway of 192.168.100.1 will be able to access the network.
Now I don't know what you are using for a router, but you could spend less than $100 and get a router from your neighborhood computer store (Linksys, Dlink, Soho etc) and solve your problem in minutes. If you need to set up multiple subnets, it will be a little more difficult.
But you need to figure out what you need, network wise, before you get into how to assign addresses. In your case, since you have so little experience, you should probably start out assigning them (or some of them) statically just to make sure you have everything set up correctly.
The mistake some people make is to set everything up at once and when they can't connect, it is difficult to figure out why - is it the wire, the NICS, the addressing scheme, the DNS, the DHCP etc. Can get pretty complicated.
I would set up the routers first and one workstation with address 192.168.100.5 and see if you can ping 192.168.100.1. If you can, see if you can ping 10.168.161.14, then see if you can ping 10.168.161.113. If you can do all this, your LAN is working and is connecting to the outside router. You can then try to ping 66.218.70.48 (which happens to be www.yahoo.com, at the moment). If you can, then you are accessing the internet.
Once you can do this, you can look at the other issues, IMHO.
Thanks,
Tom
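Added example, not part of tfs's post: a small Python audit of the addressing discussed in this thread, checking a LAN-side configuration against the three private ranges listed in the reply and confirming that its gateway sits on the same subnet, as in the suggested 192.168.100.0/24 plan. The function names are this example's own, and the /28 upstream prefix is an assumption inferred from the "14 outside addresses" and the nibble split described in the reply.

```python
import ipaddress

# The three private ranges listed in the reply above (RFC 1918).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr lies in one of the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)

def host_number(addr, mask):
    """Host part of addr inside its subnet (the low nibble for a /28)."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    return int(iface.ip) - int(iface.network.network_address)

def usable_hosts(addr, mask):
    """Assignable addresses in addr's subnet (network and broadcast excluded)."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses

def audit_lan(name, addr, mask, gateway):
    """Return findings for one LAN-side interface or client configuration."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    findings = []
    if not is_private(addr):
        findings.append(f"{name}: {net} is public address space; "
                        "use a subnet from a private range")
    if ipaddress.ip_address(gateway) not in net:
        findings.append(f"{name}: gateway {gateway} is not an address on {net}")
    return findings

if __name__ == "__main__":
    # Values quoted in the thread; the /28 is an assumption (see lead-in).
    for finding in audit_lan("NIC 2", "20.20.20.1", "255.255.255.0",
                             "10.168.161.114"):
        print(finding)
    print(audit_lan("workstation", "192.168.100.5", "255.255.255.0",
                    "192.168.100.1"))          # suggested plan
    print(host_number("10.168.161.113", 28),   # ISP router
          host_number("10.168.161.114", 28),   # your router
          usable_hosts("10.168.161.113", 28))  # outside addresses
```

Run against the NIC 2 settings from the first post, it reports both the public 20.20.20.0/24 range and the off-subnet gateway; the 192.168.100.0/24 plan returns no findings.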
21 years 1 month ago #1284
by Raggedy_Hobo
Replied by Raggedy_Hobo on topic Re: pc technician who's boss won't explain things to him ..
thx .. i'll get to explaining the who/what/when/why's now ..
In the beginning ...
I wonder, where will this road lead me
I configured and got running my first "real" network ever on October 22, 2003 at 5am THANKS to the wonderful people of www.firewall.cx/index.php
21 years 1 month ago #1286
by Chris
Replied by Chris on topic Re: pc technician who's boss won't explain things to him ..
Urrmmmm... I sort of lost track of what's happening :lol:
I think I'll just go back to my TCP header analysis.... seems a lot simpler at the moment! :roll:
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 1 month ago #1287
by sahirh
Replied by sahirh on topic Re: pc technician who's boss won't explain things to him ..
A spot of advice,
Give yourself time to absorb the basics from the material on the site.. and when you've covered your difficulties in that, then try and approach it with reference to your situation...
In other words, if you're still shaky about subnetting, you're likely to find understanding your situation difficult. Of course we're all here to help though.
Tom is really outdoing himself with answers this time round..!
Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
21 years 1 month ago #1288
by Chris
Replied by Chris on topic Re: pc technician who's boss won't explain things to him ..
Sahir,
That's what I was thinking when I read his last response!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx