Firewall – Proper Network Infrastructure Setup DMZ, VPN, Routing Hardware Question

Tags: cisco, dmz, firewall, vpn, windows-server-2008

Greetings Server Fault Universe,

So here's a quick background. Two weeks ago I started a new position as the systems administrator for an expanding health services company of just over 100 persons. The individual I was replacing left the company with little to no notice. Basically, I have inherited a network of one main HQ (where I am situated) which has existed for over 10 years, with five smaller offices (less than 20 persons).

I am trying to make sense of the current setup. The network at the HQ includes:

  • Linksys RV082 Router providing internet access for employees and site-to-site VPN connecting the smaller offices (using an RV042 each). We have both cable and DSL lines connected to balance traffic (however, this does not work at all and is not my main concern right now).

  • Cisco IronPort appliance. This is the main gateway for our incoming and outgoing emails. This also has an external IP and internal IP.

  • Lotus Domino in and out email servers connected to the mentioned Cisco gateway. These also have an external IP and internal IP.

  • Two Windows 2003 and 2008 boxes running as domain controllers, with DNS of course. These also have both an external IP and internal IP.

  • Website and web mail servers also on both external and internal IPs.

I am still confused as to why there are so many servers connected directly to the internet. I am seriously looking to redesign this setup with proper security practices in mind (my highest concern) and am in need of a proper firewall setup for the external/internal servers, along with a VPN solution for about 50 employees. Budget is not a concern, as I have been given some flexibility to purchase necessary solutions. I have been told a Cisco ASA appliance may help.

Does anyone out in the Server Fault Universe have some recommendations? Thank you all in advance.

Best Answer

Step 1: Throw away the Linksys device. It's unlikely to be able to scale as you will require. (In my experience, the WAN link failover on this class of device is substandard.) Replace it with a proper Cisco router, or maybe a Juniper if you're so inclined. This way you'll get proper business/enterprise-type routing and functionality, a proper support contract, and a device that wasn't assembled by moon monkeys.

Step 2: Get a proper hardware firewall. You could probably get away with a Cisco 5510 or similar device. They're good, extensive firewalls; you can do as little or as much filtering as you like.

Step 3: Learn loads about proper routing and firewalling from your newly acquired hardware.