506e pix port redirection citrix

[slick007]

Trying to redirect citrix clients to a interbal server. I can access the https login screen and the list of application show up, but when I try start a application it always fails to connect to citrix server. After that I'm unable to connect back to the citrix login site, I have to reboot the pix in order to do so.
Any ideas

PIX SETUP
name 10.0.3.230 portal
access-list outside_in permit tcp any any eq https
access-list outside_in permit tcp any any eq citrix-ica
access-list outside_in permit udp any any eq 1604

ip address outside xxx.xxx.116.134 255.255.255.128
ip address inside 10.0.3.9 255.255.252.0

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp xxx.xxx.116.134 https portal https netmask 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.116.134 citrix-ica portal citrix-ica netmask 255.255.255.255 0 0
static (inside,outside) udp interface 1604 portal 1604 netmask 255.255.255.255 0 0

access-group outside_in in interface outside
access-group inside_access_in in interface inside
route inside 0.0.0.0 0.0.0.0 xxx.xxx.116.134 1

 

[frelaxx]

slick007

You didn't include the ACL for inside_access_in, it is possible that you are blocking the reverse traffic with this ACL.

 

[slick007]

oops I cut that out when posting, my ACL in has this
access-list inside_access_in permit udp any any (hitcnt=0)
access-list inside_access_in permit tcp any any (hitcnt=0)

 

[slick007]

got it. my pix setting were ok. had to go into the registery on the pix server and remove the old ipaddress from the citrix-ica value. it didn't change when i made the changes from the manager

thanks for the help