Right now we have iPhones set up to pull from an outside IP (68.156) directed to the inside IP (192.255) for internal email. It works well from another outside IP (74.128 or 174.126), not on our network. Right now we have a separate pipe broken off from our regular network for internet access only, with no restrictions from the firewall. It is a secure network (10.4) address which allows users to connect via wireless for their iPhones.
For some reason using wireless causes the internal email to fail unless they disconnect from wifi and use direct 3G. Is there a way to route this through the wifi, so that it doesn't get confused and fail?
If I am understanding you correctly, you have the iPhone users going out to a mail server at 68.156.x.x, and I am guessing that this IP address is also on the same firewall interface as your 10mb internet connection. If this is the case then the traffic is trying to go out the interface and come right back in. Are you using an ASA or PIX, and is the version newer than 7.x? If so, look into these articles.
I don't think DNS doctoring will work for you because it is VLANed off, so unless you want to open up access in the firewall it won't work. So you may want to look into hairpinning, which will basically just be NATing the traffic again. I believe the commands would be something like:
same-security-traffic permit intra-interface
nat (inside) 1 10.4.0.0 255.255.255.0
Mind you, I have not seen your config, and even if I did this may still be wrong, as I have only ever done this on 8.3 code which is different. Also, again, this is based on the assumption that your firewall is an ASA or a PIX running 7.x code or higher and that the 68.156.x.x IP address is on the same interface that your traffic from the 10.4.0.0 subnet is going out on.
I hope my assumptions were correct and this helps a little.
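The hairpin (U-turn) configuration the answer above describes, written out as an added example rather than anything from the original posters: the pre-8.3 form that the two quoted commands belong to, and the 8.3+ twice-NAT form the answerer says they have actually used. It assumes the same things the answer does: an ASA on 7.x or later, the 10.4.0.0/24 wifi clients arriving on the interface named "inside", and the public mail address living on the "outside" interface of that same firewall. The host addresses are constructed placeholders, since the thread only gives the first two octets (68.156.x.x and 192.255.x.x); the object names and the ports in the packet-tracer check are assumptions as well.

```cisco
! ---- Common to both code trains ----
! Let a flow enter and leave the same interface (required for hairpinning).
same-security-traffic permit intra-interface

! ---- Pre-8.3 style (PIX/ASA 7.x - 8.2) ----
! Outbound PAT for the wifi subnet when it turns around on the inside interface,
! so the mail server replies back through the ASA instead of directly to the client.
nat (inside) 1 10.4.0.0 255.255.255.0
global (inside) 1 interface
! Translate the public mail address to the real server for traffic that stays on inside.
! 68.156.1.1 and 192.255.1.1 are placeholders for the thread's 68.156.x.x / 192.255.x.x.
static (inside,inside) 68.156.1.1 192.255.1.1 netmask 255.255.255.255

! ---- 8.3+ style (object/twice NAT) ----
object network MAIL-INSIDE
 host 192.255.1.1          ! placeholder for the internal mail server
object network MAIL-OUTSIDE
 host 68.156.1.1           ! placeholder for the public mail address
object network WIFI-NET
 subnet 10.4.0.0 255.255.255.0

! Twice NAT, evaluated before object NAT: wifi clients sending to the public address
! get the destination rewritten to the real server and their source rewritten to the
! inside interface address, which keeps the return path symmetric through the ASA.
nat (inside,inside) source dynamic WIFI-NET interface destination static MAIL-OUTSIDE MAIL-INSIDE

! The existing public mapping used by phones on 3G stays unchanged.
object network MAIL-INSIDE
 nat (inside,outside) static MAIL-OUTSIDE

! ---- Verification from the ASA CLI ----
! Simulate a wifi client (constructed 10.4.0.5) hitting the public address on IMAPS;
! the trace should show the intra-interface permit and the NAT rewrite, ending in ALLOW.
packet-tracer input inside tcp 10.4.0.5 12345 68.156.1.1 993
show nat
```

Two things worth checking before relying on this: the inside-to-inside flow is still subject to the inside interface's inbound ACL, so the mail ports must be permitted there just as they are on the outside ACL, and because the client source is PATed to the interface address, the mail server's logs will show the ASA's address rather than the individual phones, which matters if you audit client connections on the server side.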