Microsoft
@ Chris, do you have any AV software running on those servers? Are they validated for SP2 if so? We haven't heard of issues like this, and it sounds to me like some transport based agent is having trouble. Transport AV scanning might be a good candidate to look at if you have it.
@ David - yes, it's hard, but we have no plans to redirect to internal or external based on source IP, so your options are, use split DNS, so hte external names resolve internally, and then use the FBA feature the same inside and out - send everyone to one site/url and then redirect/SSO to wherever they need to be. Or, use DNS to try and get people to their closest CAS right from the start, tricky, but possible. You know, Windows has location aware DNS built in, it's called subnet mask ordering I think. If the clients and the CAS you want them to use are in the same subnet, windows DNS will return the IP close to the user if it has several. Take a look at that.
