Finally figured this one out and wanted to share... We block all outbound 80 traffic not coming from squid (and the server vlan.. ok, and the admin vlan ;-) when you type in mail.yahoo.com, you actually get redirected to login.yahoo.akadns.net. Going through squid w/ntlm, this works just fine on firefox. With IE, it doesn't work. We have to allow port 80 traffic to akadns.net subnets on our pix. I have ethereal traces and they are actually different from firefox to IE. We even have all yahoo.com and akadns.net as dstdomains.. and before the http_access for the NTLM... still doesn't work with IE. The minute we take the port 80 outbound block off our pix, it works just fine. acl yahoo_mail dstdomain .yahoo.com acl akadns_net dstdomain .akadns.net acl NTLMUsers proxy_auth REQUIRED acl our_networks src 192.168.0.0/16 http_access allow yahoo_mail http_access allow akadns_net http_access allow all NTLMUsers http_access allow our_networks http_access allow localhost Just thought I would share our frustrations... __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
