Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

ASA 8.0.4 and NTLM

Hi,

We've installed an ASA and were having issues between Outlook users on the Internet and our Exchange server behind the firewall. Outlook web access works and HTTPS is open from the Internet but when users try and set there "out of office" or look at "free busy" I see TCPReset-O in the logs on the session. From what I understand the outlook client is using RPC over HTTPS for this connection to the server. Has anyone seen this before with Outlook and Exchange through an ASA before?

Thanks.

3 REPLIES
Silver

Re: ASA 8.0.4 and NTLM

If this is DCERPC there is limited support on the firewall platforms for this protocol. I'd suggest getting captures on the outside interface to try and figure out who is sending the reset packets and why.

Silver

Re: ASA 8.0.4 and NTLM

I am not familiar with this but one of my colleagues worked on an ASA SSL VPN project and NTLM v2 authentication. He spent about four weeks working with Cisco developers on this issue. Despite what Cisco stated in the documentation, NTLM v2 authentication does NOT work with Cisco ASA. Because of this requirements, we decided to go with F5 Firepass SSL VPN.

Plumbis, there should be a Cisco TAC case on this issue.

Bronze

Re: ASA 8.0.4 and NTLM

Hi,

I do have a TAC case open but we have not been able to get it working yet. Packet captures show the client is sending the reset to the server so I'm not sure if the ASA is altering the NTLM traffic or not. I've have read a few posts referring to Web and SSL VPN issues with NTLM but we're just just coming over the Internet hitting our Exchange system without a VPN.

If we get this working I'll post the fix but I think TAC is leaning towards an application issue because the ASA is not dropping the traffic. This works fine on the LAN not going through he ASA so something is happening here.

Thanks.

760
Views
0
Helpful
3
Replies