Okay.. So, you have a private IP address, a redirector (this is the 3com firewall?), and an internal DNS machine.
The reason it doesn't work when you added the site names to the internal DNS is:
>Now when I do NSLOOKUP, I see my ISP's DNS server as the default
Your machines are configured to look at your ISP's DNS, not your internal one. Ideally you would configure your LAN machines to look at your internal DNS, and have your internal DNS forward unresolved lookups to your ISP's DNS.
LAN Machine -- dns query --> LOCAL DNS --> ISP DNS.
There's an option if you right click the DNS administration on Windows NT Server to 'forward' queries, and you can slap your ISP's DNS servers in there. I do exactly this at home (although not using NT) to make machines which are inaccessible from the internet (private IPs) have nice domain names which are accessible from internal machines, but not external. (My ISP doesn't know about them, only my internal DNS).
Bob's your uncle.
All this is becoming rather involved though, and I would suggest perhaps talking to your LAN administrator about it. We've done a whole lot of 'working around' issues, when actually it could be easily resolved with a little configuration on a network admin's part.
Glad it's working now though.
Slick.
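
Added example, not part of the original post: a small Python check that reads a client's `ipconfig /all` output and reports whether its preferred resolver is the internal DNS machine or bypasses it, which is the misconfiguration described above. The sample output, all addresses and the `INTERNAL_DNS` value are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (addresses are made up).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.10
"""

# Assumption: address of the internal DNS machine that forwards to the ISP.
INTERNAL_DNS = {"192.168.1.10"}


def _is_ip(token):
    """True if token parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def dns_servers(text):
    """Return the resolvers listed under 'DNS Servers', in preference order."""
    servers, in_block = [], False
    for line in text.splitlines():
        head = re.match(r"\s*DNS Servers[ .]*:\s*(\S*)", line)
        if head:
            in_block, token = True, head.group(1)
        elif in_block and _is_ip(line.strip()):
            token = line.strip()  # continuation line: further resolvers
        else:
            in_block = False
            continue
        if _is_ip(token):
            servers.append(token)
    return servers


def audit(text, internal=INTERNAL_DNS):
    """Flag resolvers that bypass the internal DNS (internal names fail there)."""
    servers = dns_servers(text)
    return {
        "servers": servers,
        "preferred_is_internal": bool(servers) and servers[0] in internal,
        "bypassing": [s for s in servers if s not in internal],
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A clean client lists only the internal DNS machine; the ISP's servers belong in that machine's forwarder list, not on the LAN machines.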