RPC Proxy doesn't work: 2013/2010 Co-Existence with Outlook Anywhere

ISSUE: Can't RPC Proxy Outlook Anywhere requests for Exchange 2010 mailbox users via the Exchange 2013 CAS.

SYMPTOMS: Externally with TestExchangeConnectivity.com, I get 'RPC Proxy Can't Be Pinged' with 'An HTTP 401 Unauthorized response was received from the remote Unknown server'.

SETUP:

Exchange 2013 CU2
Get-OutlookAnywhere Details:
ExternalHostname: webapp.mydomain.com
InternalHostname: ex2013.mydomain.local
ExternalClientAuthenticationMethod: Basic
InternalClientAuthenticationMethod: Ntlm
IISAuthenticationMethods: Basic, Ntlm, Negotiate
SSLOffloading: False

Certificate on 2013 server contains the names: ex2013.mydomain.local, webapp.mydomain.com, AutoDiscover.mydomain.local, AutoDiscover.mydomain.com, mydomain.local, mydomain.com

Exchange 2010 SP3 update rollup 1
Get-OutlookAnywhere Details:
ExternalHostname: webapp.mydomain.com
ClientAuthenticationMethod: Basic
IISAuthenticationMethods: Basic, Ntlm
SSLOffloading: False

Certificate on 2010 server contains the names: ex2010.mydomain.local, webapp.mydomain.com, autodiscover.mydomain.local, autodiscover.mydomain.com

Outlook providers:
EXCH  CertPrincipalName: msstd:webapp.mydomain.com
EXPR  CertPrincipalName: msstd:*.mydomain.com    (as I use an external reverse proxy with a public wildcard certificate)

ADDITIONAL DETAILS:
- With the above settings, Outlook 2010 doesn't seem to be able to proxy RPC through Exchange 2013.

Testing manually with RPCPING utility:
- Requests for port 6001 directed to Exchange 2010 for people with mailbox on Exchange 2010: works correctly
- Requests for port 6001 directed to Exchange 2013 for people with mailbox on Exchange 2013: works correctly
- Requests for port 6001 directed to Exchange 2013 for people with mailbox on Exchange 2010: error 401.1 Unauthorized

OWA and Activesync through Exchange 2013 for people with mailbox on Exchange 2010 are working fine.
Only RPC over HTTP seems to have problems.

- Here are some pertinent lines from the 2010 CAS server's IIS logs for a 2013 to 2010 RPC access:
2013-10-10 13:02:16 10.62.6.56 RPC_IN_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001 443 - 10.62.6.50 MSRPC 401 1 2148074248 624
2013-10-10 13:02:16 10.62.6.56 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001 443 - 10.62.6.50 MSRPC 401 1 2148074248 624
2013-10-10 13:02:16 10.62.6.56 RPC_IN_DATA /rpc/rpcproxy.dll - 443 - 10.62.6.50 HttpProxy.ClientAccessServer2010Ping 401 2 5 780

- Here are some pertinent lines from the 2013 CAS server's IIS logs for the same 2013 to 2010 RPC access:
2013-10-10 13:02:14 10.62.6.50 RPC_IN_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001&RequestId=b6464f37-a9fe-4f84-a32b-ff9af689607c&cafeReqId=b6464f37-a9fe-4f84-a32b-ff9af689607c; 443 - 10.62.7.15 MSRPC - 401 1 2148074254 4726
2013-10-10 13:02:14 10.62.6.50 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001&RequestId=4acc0118-7fac-49db-976d-152a4a6839b2&cafeReqId=4acc0118-7fac-49db-976d-152a4a6839b2; 443 - 10.62.7.15 MSRPC - 401 1 2148074254 0
2013-10-10 13:02:16 10.62.6.50 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001&RequestId=a591fb11-98c3-44e6-90c7-f719c7047fe4&cafeReqId=a591fb11-98c3-44e6-90c7-f719c7047fe4; 443 dom\2010user 10.62.7.15 MSRPC - 401 0 64 1544
2013-10-10 13:02:16 10.62.6.50 RPC_IN_DATA /rpc/rpcproxy.dll ex2010.mydomain.local:6001&RequestId=fbb94579-8d0b-41d7-8103-45c945141bd7&cafeReqId=fbb94579-8d0b-41d7-8103-45c945141bd7; 443 dom\2010user 10.62.7.15 MSRPC - 200 0 64 1700

Any thoughts or comments are highly appreciated. Let me know if additional details are needed.