User690216013 posted
The site redirects to our company's external home page as a 301 redirect.
Everything bad seems to come from this 301 redirection, but when your users are not connected via VPN, their requests won't land on IIS so it is impossible to fix from there.
our infrastructure department says it automatically redirects in DNS and they can't or won't change it.
What they said is partially right and wrong.
So I assume the two sites http://workportal.com and
http://externalhomepage.com are linked by DNS records. In the public network (internet), your network administrators set up a rule to redirect from
http://workportal.com to
http://externalhomepage.com . That makes perfect sense, as the former is not supposed to be publicly accessible. When the users connect via VPN, the DNS queries go through your internal DNS service, and
http://workportal.com goes to the IIS machine(s).
The problem here is your network administrators shouldn't configure a 301 redirection. They can change that to 302 as you might guess, but why they said "they can't or won't change it" is really what you have to dig further.
Most DNS service providers support 302 redirection at DNS level. One example is Google Domains (see "Redirect type" section)
https://support.google.com/domains/answer/4522141?hl=en
Other major providers have similar pages to educate their users.