APM - Portal Access using Route Domains

Hey all,

 

Having a little trouble with this one and seeing if anyone can advise.

 

I have a BIG-IP APM on 11.6.0 HF3 ENG.

 

It has an external public facing interface (RD:0), an internal interface (RD:0) for authentication etc, and an internal interface (RD:1) for authenticated users.

 

I'm trying to setup the following...

 

• External Virtual server has the APM Policy virtual server attached.
• Client connects, executes the policy (presumably gets an "allow") and is placed inside of RD:1. They are then provided a full webtop with two items, a full network access and a portal access (in this case used for Citrix).
• If the client then uses the portal access for Citrix, it should look at a Virtual server on RD:1 which answers the requests and balances the request to a pool of our Citrix Web Interface servers.

The configuration I have in place, for testing, is as follows.

 

Virtual Server: SSL Bridging, Policy Attached, Auto-map SNAT, http profile, rewrite profiles, connectivity, VDI.

 

APM Policy:

 

• Start
• Login Form
• Auth AD
• Variable Assign (Domain for SSO)
• SSO Creds Assignment
• Advanced Resource Assignment (Full WebTop / Portal Access)
• End: Allow

Portal Access: Full Patching, Match Cases, Publish WebTop, App Start URI: https:///Citrix/XenApp/ Resource item: :443/*

 

I have also tried %1:443/* (as per an article I saw on here).

 

I've also tried changing the app start uri to affix %1 but that just b0rks the host part up.

 

Interesting though, if I tell the portal access to go to one of the CWI servers directly, tcpdump shows no traffic leaving RD:1's interface. Neither have I seen any going anywhere else, just an immediate drop.

 

Appreciate any and all input.

 

Thanks,

 

JD.