New country, new network
[Edited - diagram updated]
Once I get round to setting it up, the web server will be authenticating wireless machines through 802.1x using certificates, and the traffic encrypted using MS-CHAPv2 (WPA).
Shame the laptop only has 802.11b built-in, but I might see if I can get a 802.11g PC Card to slap in there one day, if I can be bothered (and actually find myself using wireless).
10Mbps Internet connection is shared between 4 wired PCs (3 @ 1Gbps, 1 @ 100Mbps) and a wireless laptop (AP support 54Mbps, but laptop only 11Mbps currently).
No DMZ set up on the router, just port forwarding for the services I want to expose (VPN & web services basically).