I'm doing the same thing. Also, my internal domain is domain.com.mx and so is the external one, so the same DNS A record for the DA server exists in both internal DNS and external DNS. When the DA clients are on the Internet, they think that they are in the corporate network, but they obviously are not, and they cannot access internal resources; the IPsec tunnel cannot be established because of the DNS issue.
What can we do? We cannot change the internal domain, because it is already working. How can we modify the external DNS records to allow DA clients on the Internet to get access to internal resources?
Regards
Thank you