Exchange 2010 OAB and Cisco ASA 5510

Running out of ideas, we have spent over 20 hours with Microsoft Exchange Support on this issue.  We have a new Exchange 2010 server which is working and in production.  It is in coexhistance with Exchange 2003 and CAS is working between two servers.  However the OAB will NOT distribute to Outlook 2007/2010 clients for Exch 2010 users (outside of the domain).  Microsot paid support has spent endless hours going through settings and they are now saying it is a firewall issue (because domain joined PC can download the OAB..just https/rpc clients cannnot)  We have a Cisco asa 5510 as the firewall, our isp gave us an interface public IP w/ a CIDR block of which we are using one of the static IP's to static nat ports 443 and 80 to exchange.   Any ideas?  we can download the oab xml file via http://mail.xxx.com/guid/oab.xml from the internet.. Hopefully someone has an idea of what could be causing this problem in our Cisco.

thanks