I have a 2860 set up to forward port 80 and 443 on all WAN interfaces to an internal VPN server.

This works perfectly from outside my offices but doesn't work at all inside them.

Our meeting room has Guest Wifi on LAN3 which is isolated from the staff network on LAN1. I could add a firewall policy to allow ports 80 and 443 from LAN3 to LAN1 but this should not be necessary.

Is there a way to enable direct access to the WAN interfaces from the LAN interfaces?

Note: There are two WAN interfaces (1 x leased line on WAN2 and 1 x ADSL on WAN1) and three LAN interfaces (1 x Staff on LAN1, 1 x VoIP to another 2860 on LAN2 and 1 x Guest Wifi access on LAN3).

It should work normally... NAT Loopback. Sometimes it gets broken in new f/w but lately not...so ask suport. I suppose the complication is the multi-subnets..maybe loopback doesn't work from all (I've no idea but be sure to give support all info). Also, check you didn't accidentally isolate the LANs from each other as maybe that blocks it (technically it should).

NAT loopback was broken in the firmware before the latest (it's still called 3.8.4.5 but I think (hope!) they've updated it to the release candidate they sent me to solve this problem. I haven't changed as yet as the RC version works).

Try using the latest firmware download.