Help me with this Tri-LAN configuation

[NaughtyusMaximus]

I've got an interesting network setup to assemble here.

3 WAN access points (3 separate offices, each with their own DSL account and 5-15 computers)

Each office network has to be complete in unto itself (within each office, they all have to be able to talk to each other)

Each office must be able to connect to each other (So say, bob in Company 1 can send a file to Greg in company 3 over the internal network)

------------
As far as I can tell, the easiest way of doing this would be to have each company set up a 'server' computer, which controls NAT for each company. Internally though I'm not sure how to go about doing this.

 

[NaughtyusMaximus]

If I have the following:

Network 1:
WAN IP = x.x.x.x
Server IP = 192.168.0.100
Client IP(s) = 192.168.0.1xx
Workgroup = Company1
-
Network 2:
WAN IP = x.x.x.x
Server IP = 192.168.0.200
Client IP(s) = 192.168.0.2xx
Workgroup = Company2
--
Network 3:
WAN IP = x.x.x.x
Server IP = 192.168.0.300
Client IP(s) = 192.168.0.3xx
Workgroup = Company3
---
Assuming I have a cable running from Company1's switch to Company 2's, to Company 3's, then they're all PHYSICALLY connected, so I should be able to see them all, yes?

 

[spidey07]

I'm thinking use a good hardware firewall/VPN solution and build a triangle with three VPN tunnels between them.

all set, no?

sonicwall really excels in this application - figure about 500 bucks per site. You might want to change your addressing to something like this

site1 = 192.160.1.1 - 254
site2 = 192.160.2.1 - 254
site3 = 192.160.3.1 - 254

the router at each site would be .1, the server could be .10. The sonicwall would hand the appropriate routing over the tunnels and network address translation. The way you can let the network handle the complicated stuff and let the hosts do what they do best. Crash and not play well with others that is.