I'm scratching my head a bit with this one. The answer seems obvious but I can't pin it down.
When inside the firewall I can access the IDP metadata and life is good.

From outside the firewall, when I go to access the metadata, I get a:
403 Host name received is not for this web site

Except that it is the same internally and externally. Copy and paste.

Clearly the traffic is getting there but something along the line appears to be screwing with the
name (I'm assuming something firewall related).

From looking at the packet traces the IDP sees the request with the correct host name! CRAZY!
I've about pulled my hair out trying to flush this out. There is exactly zero logged in the IDP logs.

Any help is most appreciated.