Thomas_Cuthbert
Nov 23, 2015

CRM - Cross Domain Functionality Through F5

Hi,

Our topology looks like this:

CRM_SERVER := internal.domain.com
   ^^
   F5 := external.domain.com
     \
      Azure plugin/SaaS service
      

We are having issues where the external Azure plugin, in this case Click Dimensions, is raising an authentication exception when processing CRM data.

We have the following iRule in place to handle header and payload rewrites.

when HTTP_REQUEST {
    if { [HTTP::header host] eq "crmdev.external.com" } {
        HTTP::header replace Host "crmdev.internal.com"
    }

    # Disable the stream filter for all requests
    STREAM::disable

    # LTM does not uncompress response content, so if the server has compression enabled
    # and it cannot be disabled on the server, we can prevent the server from
    # sending a compressed response by removing the compression offerings from the client
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {
    # Rewrite the Location header replacing the internal hostname with the external hostname
    HTTP::header replace Location [string map -nocase {"crmdev.internal.com" "crmdev.external.com"} [HTTP::header Location]]
    # only do this for text-based responses
    if { [HTTP::header Content-Type] contains "text" } {
        # establish the stream expression
        STREAM::expression {@http://crmdev.internal@https://crmdev.external@ @https://crmdev.internal@https://crmdev.external@}
        STREAM::expression {@crmdev.internal@crmdev.external@}
        # enable stream processing
        STREAM::enable
    }
}

As the F5 is in SSL offload mode, do we need to include anything to handle the HTTP 401 Challenge/Response to the IIS server? Or has anyone experienced similar issues where the F5 acts as the external face for applications on an internal domain?

  • This is a fairly common issue and you have a couple options. You could change the headers on the fly with something like the following:

    when HTTP_RESPONSE {
      if {
           [HTTP::is_redirect] &&
           [HTTP::header Location] == "partners.f5lab.com"
           } {
        HTTP::header replace Location [string map {"internal.crm.com" "external.crm.com"} [HTTP::header Location]]
      }
    }
    

    Or, you could ensure that you added an Access Mapping to SharePoint/CRM with the header it's receiving on the default zone.