I am trying to set up an https F5 LTM VIP for one application that authenticates users using NTLM. However, when I used SSL bridging for the VIP, users kept receiving authentication windows popping up asking to enter user/pass even after they keyed in their username/password and clicked log on, and could not move further. The authentication process worked well when I changed the VIP to SSL off-load mode. I did a packet capture (with SSL decryption) to determine if there was different between SSL traffic and http traffic at server side and saw no different in packet content sent from F5 to server. The only different that I found was that at the end of NTLM authentication (client send NTLMSSP_AUTH message to server), the server started returning webpage content to F5 (then to user) in SSL offload mode while it returned 401 request with "WWW-Authentication: Negotiate" when the VIP was in SSL bridging mode. The application works well when browsing directly to real server using both http/https.
