I'm an IOS FW newbie, so please bear with me.
I have my mail server hosted on my LAN and NAT'ed thus:
ip nat inside source static tcp LAN-IP 25 interface FastEthernet0 25
ip nat inside source static tcp LAN-IP 110 interface FastEthernet0 110
access-list 109 permit tcp any host OUTSIDE-IP eq pop3
access-list 109 permit tcp any host OUTSIDE-IP eq smtp
Which works fine for external access but my problem is, as ever, salesmen. They use laptops on the road and connect to the LAN when in the office. Their mail config uses our mail (both out & in) which resolves to the external interface IP.
This doesn't work when they're in the office as they get a connection refused. I presume that this is because they are coming from a LAN address and trying to connect to the external (NAT'ed) address via the Firewall (twice). What do I need to do to allow this? Any suggestions gratefully received.