Starting with the easy one: I know of no way to NAT inbound GRE through VMware Server. If that is a requirement, you may need to look at a virtual router such as Vyatta. In that case your new server would reside in a host-only network and all of the NATing would occur in Vyatta.
Are you a single subnet inside your firewall? If so I see no reason to change the world simply to satisfy an IP address requirement for a single server.
That being said - a "best practice" would be to actually have three networks, call them outside, inside, and DMZ. Any traffic allowed from the Internet (outside) should not go directly to the inside network. It should instead go to the DMZ network (that would be your 192.168.x.x network). Any traffic between the DMZ network and the inside network should be limited by firewall rules.
This could be implemented with your NetVanta - from what I have been able to determine it supports three interfaces, WAN, ETH1, and ETH2 of which, from what you have told me, you are only using two.
You should definitely move your setup to a server-class machine with at least two NICs. I would suggest you install the free version of ESXi (rather than VMware Server) on your new server, then configure one of the NICs on your current inside network and the other NIC on the new DMZ network. Then establish all of your NATing and firewall rules for your new DMZ machine. Be sure to get a compliant server for ESXi; VMware has a hardware compatibility list (HCL) on their website that will tell you what is supported.
I know I have presented a plethora of options here - but if you have the funds for a new server, the last option would be what I would recommend.
Hope this helps
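
The outside / DMZ / inside layout described in the post above can be checked mechanically against an ordered firewall rule list. This is an added example, not part of the original post or any NetVanta tooling; the `Rule` structure, zone names, ports, and both sample rule sets are constructed, and first-match evaluation is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # zone: "outside", "dmz", "inside" or "any"
    dst: str
    proto: str   # "tcp", "udp" or "any"
    port: str    # port number as text, or "any"
    action: str  # "allow" or "deny"

DEFAULT_DENY = Rule("any", "any", "any", "any", "deny")

def covers(rule_zone, zone):
    return rule_zone in ("any", zone)

def audit(rules):
    """Return findings for an ordered, first-match rule list."""
    findings = []
    blocked = set()  # (src, dst) paths fully denied by an earlier rule
    for i, r in enumerate(rules, 1):
        for path in (("outside", "inside"), ("dmz", "inside")):
            if not (covers(r.src, path[0]) and covers(r.dst, path[1])):
                continue
            if path in blocked:
                continue  # an earlier deny already wins under first-match
            broad = r.proto == "any" or r.port == "any"
            if r.action == "deny":
                if r.proto == "any" and r.port == "any":
                    blocked.add(path)
            elif path[0] == "outside":
                findings.append(f"rule {i}: outside reaches inside directly")
            elif broad:
                findings.append(f"rule {i}: dmz to inside is not limited")
    if not rules or rules[-1] != DEFAULT_DENY:
        findings.append("no default deny as the final rule")
    return findings

# Constructed sample: flat design, Internet traffic forwarded straight inside.
FLAT = [Rule("outside", "inside", "tcp", "443", "allow"),
        Rule("dmz", "inside", "any", "any", "allow")]

# Constructed sample: Internet traffic terminates in the DMZ, and the DMZ
# may reach one inside service only.
THREE_ZONE = [Rule("outside", "dmz", "tcp", "443", "allow"),
              Rule("dmz", "inside", "tcp", "1433", "allow"),
              DEFAULT_DENY]

if __name__ == "__main__":
    for name, rules in (("FLAT", FLAT), ("THREE_ZONE", THREE_ZONE)):
        print(name, audit(rules) or "ok")
```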