A couple questions.

If i go to mail.domain.com.au externally i reach the required page.

If i go mail.domain.com.au Internally, I get a DNS error.

I could just add a new DNS Zone, however I want to add it in the router so if I type the external domain locally I can reach the required page.

Another question ...

I have a port forward setup on the router

ip nat inside source static tcp 10.0.2.61 3389 150.101.xxx.xx 3389 extendable

Now when i connect via VPN and try and remote desktop to 10.0.2.61 ... it doesn't work.

However if i disconnect from the vpn and connect via RDP remotely (150.101.xxx.xx) it connects.

When connected via VPN, i can connect to everything via RDP except the IP Address which is in the port forward rule.

My VPN IP Address is 10.0.4.x

How can i get by this?

Help Appreciated

here is some of the config ...

!

ip local pool ippool 10.0.4.1 10.0.4.50

ip classless

ip route 0.0.0.0 0.0.0.0 150.101.xxx.xx

no ip http server

ip http access-class 90

no ip http secure-server

ip nat inside source list nat-allowed interface Vlan13 overload

ip nat inside source static tcp 10.0.2.61 25 150.101.xxx.xx 25 extendable

ip nat inside source static tcp 10.0.2.61 80 150.101.xxx.xx 80 extendable

ip nat inside source static tcp 10.0.2.82 443 150.101.xxx.xx 443 extendable

ip nat inside source static tcp 10.0.2.61 3389 150.101.xxx.xx 3389 extendable

!

!

!

ip access-list standard snmp-allow

permit 10.0.2.0 0.0.0.255

permit 10.0.3.0 0.0.0.255

permit 10.0.4.0 0.0.0.255

!

ip access-list extended allowed-from-internet

permit tcp any host 150.101.xxx.xx eq smtp

permit tcp any host 150.101.xxx.xx eq www

permit tcp any host 150.101.xxx.xx eq 22

permit udp any host 150.101.xxx.xx eq non500-isakmp

permit udp any host 150.101.xxx.xx eq isakmp

deny ip any any

ip access-list extended bogons-and-netbios

remark allow VPN clients full access

permit ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255

permit ip 10.0.3.0 0.0.0.255 10.0.4.0 0.0.0.255

remark deny all NetBIOS leaving the network

deny tcp 10.0.2.0 0.0.0.255 range 135 139 any

deny udp 10.0.2.0 0.0.0.255 range 135 netbios-ss any

deny tcp 10.0.2.0 0.0.0.255 any range 135 139

deny udp 10.0.2.0 0.0.0.255 any range 135 netbios-ss

permit ip any any

ip access-list extended nat-allowed

deny ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255

deny ip 10.0.3.0 0.0.0.255 10.0.4.0 0.0.0.255

deny tcp 10.0.2.0 0.0.0.255 range 135 139 any

deny udp 10.0.2.0 0.0.0.255 range 135 netbios-ss any

deny tcp 10.0.2.0 0.0.0.255 any range 135 139

deny udp 10.0.2.0 0.0.0.255 any range 135 netbios-ss

permit ip 10.0.2.0 0.0.0.255 any

permit ip 10.0.3.0 0.0.0.255 any

ip access-list extended vpn-split-tunnel

permit ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255

permit ip 10.0.3.0 0.0.0.255 10.0.4.0 0.0.0.255

logging trap debugging

access-list 90 permit 10.0.2.0 0.0.0.255

access-list 90 permit 10.0.3.0 0.0.0.255

access-list 90 permit 10.0.4.0 0.0.0.255

access-list 90 deny any

access-list 142 permit icmp any any

dialer-list 1 protocol ip permit

snmp-server community thinkSNMP RO snmp-allow

snmp-server location xxxxx

snmp-server enable traps tty

snmp-server host 10.0.2.62 version 2c thinkSNMP aaa_server ipsec

no cdp run

!