Ok , I wrote about remove the nat just for keep the L3 transparency across the vpn link, anyway… assuming that your internal servers are on the same broadcast domain of your internal lan (the 10.0.0.0/24 network, and not on a dedicated DMZ), try this..remove the ETH00 from NAT enabled interfaces, and in SYSTEM,Setup, Scripts/Cron, Nat and Virtual Servers, add this line and then enable the script
iptables -t nat -I POSTROUTING -o ETH00 -s 10.0.0.0/24 -d 10.0.0.0/24 -j MASQUERADEThis will do NAT only for packets coming from the lan and destinated to the lan as well (when you try to reach one of your server via FQDN from a pc which is in the same lan)…..
If it will work ( and it should) then you can play with a ‘fine tuning’ of your rules…
Regards