We've installed an ASA and were having issues between Outlook users on the Internet and our Exchange server behind the firewall. Outlook web access works and HTTPS is open from the Internet but when users try and set there "out of office" or look at "free busy" I see TCPReset-O in the logs on the session. From what I understand the outlook client is using RPC over HTTPS for this connection to the server. Has anyone seen this before with Outlook and Exchange through an ASA before?
If this is DCERPC there is limited support on the firewall platforms for this protocol. I'd suggest getting captures on the outside interface to try and figure out who is sending the reset packets and why.
I am not familiar with this but one of my colleagues worked on an ASA SSL VPN project and NTLM v2 authentication. He spent about four weeks working with Cisco developers on this issue. Despite what Cisco stated in the documentation, NTLM v2 authentication does NOT work with Cisco ASA. Because of this requirements, we decided to go with F5 Firepass SSL VPN.
Plumbis, there should be a Cisco TAC case on this issue.
I do have a TAC case open but we have not been able to get it working yet. Packet captures show the client is sending the reset to the server so I'm not sure if the ASA is altering the NTLM traffic or not. I've have read a few posts referring to Web and SSL VPN issues with NTLM but we're just just coming over the Internet hitting our Exchange system without a VPN.
If we get this working I'll post the fix but I think TAC is leaning towards an application issue because the ASA is not dropping the traffic. This works fine on the LAN not going through he ASA so something is happening here.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...