URL redirection along with SSL rewrite

rv_viji
Level 1

I'm trying to achieve the following using our ACE modules in the Catalyst 6509:

When someone tries http://intranet --> it should get redirected to https://intranet/abc/wps/portal

However, when someone tries https://intranet/pkmslogin.form it should go to the same page, https://intranet/pkmslogin.form

Below is my configuration. The first requirement is working fine but the second one is not. Can anyone let me know where I am going wrong?

access-list PORTAL-LB line 40 extended permit tcp any host X.X.X.X eq www
access-list PORTAL-LB line 48 extended permit tcp any host X.X.X.X eq https

probe tcp Portal-Webseal-Servers
  interval 10
  faildetect 1
  passdetect interval 60
  passdetect count 2

parameter-map type ssl PORTAL-SSL-PARAMMAP
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_RC4_128_SHA
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA
  cipher RSA_WITH_AES_256_CBC_SHA

action-list type modify http PORTAL-SSL-REWRITE
  ssl url rewrite location "intranet\.*"

rserver host Portal-Inside-Webseal-Server-01
  ip address X.X.X.X
  inservice

rserver host Portal-Inside-Webseal-Server-02
  ip address X.X.X.X
  inservice

rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h/abc/wps/portal 301
  inservice

ssl-proxy service PORTAL-SSL-PROXYSERVICE
  key XXXXXXXXXXXX
  cert XXXXXXXXXXXX
  ssl advanced-options PORTAL-SSL-PARAMMAP

serverfarm redirect PORTAL-HTTPS-REDIRECT
  rserver REDIRECT-TO-HTTPS
    inservice

serverfarm host Portal-Inside-Webseal
  predictor leastconns
  probe Portal-Webseal-Servers
  rserver Portal-Inside-Webseal-Server-01 80
    inservice
  rserver Portal-Inside-Webseal-Server-02 80
    inservice

sticky ip-netmask 255.255.255.255 address both Portal-Webseal-Sticky
  timeout 3
  serverfarm Portal-Inside-Webseal

class-map match-all PORTAL-SSL-L4CLASS
  2 match virtual-address 10.0.16.111 tcp eq https

class-map match-any Portal-L4CLASS
  2 match virtual-address 10.0.16.111 tcp eq www

policy-map type loadbalance first-match PORTAL-REDIRECT-PM
  class class-default
    serverfarm PORTAL-HTTPS-REDIRECT

policy-map type loadbalance http first-match Portal-Webseal
  class class-default
    sticky-serverfarm Portal-Webseal-Sticky
    action PORTAL-SSL-REWRITE

policy-map multi-match Portal-Webseal-SSL-VIP
  class PORTAL-SSL-L4CLASS
    loadbalance vip inservice
    loadbalance policy Portal-Webseal
    loadbalance vip icmp-reply
    nat dynamic 1 vlan XX
    ssl-proxy server PORTAL-SSL-PROXYSERVICE
  class Portal-L4CLASS
    loadbalance vip inservice
    loadbalance policy PORTAL-REDIRECT-PM

interface vlan XX
  ip address X.X.X.X 255.255.255.0
  alias X.X.X.X 255.255.255.0
  peer ip address X.X.X.X 255.255.255.0
  access-group input PORTAL-LB
  nat-pool 1 X.X.X.X X.X.X.X netmask 255.255.255.255 pat
  service-policy input Portal-Webseal-SSL-VIP
  no shutdown

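Added example (not from the post or from Cisco): a small Python model of how the posted policy treats the two request types, including the %h/%p expansion of the redirect rserver and the Location rewrite performed by the ssl url rewrite action. It assumes that "intranet" resolves to the VIP 10.0.16.111 and that the rewrite pattern has to match the whole hostname; both are assumptions of the model, not facts from the post.

```python
import re
from urllib.parse import urlsplit, urlunsplit

VIP = "10.0.16.111"                                 # from the posted class-maps
REDIRECT_TEMPLATE = "https://%h/abc/wps/portal"     # rserver redirect REDIRECT-TO-HTTPS
REDIRECT_CODE = 301
REWRITE_HOST_RE = re.compile(r"intranet\.*")        # ssl url rewrite location "intranet\.*"
BACKEND_PORT = 80                                   # serverfarm Portal-Inside-Webseal


def classify(dst_ip, dst_port):
    """Mimic class selection in policy-map multi-match Portal-Webseal-SSL-VIP."""
    if dst_ip != VIP:
        return None
    if dst_port == 443:
        return "PORTAL-SSL-L4CLASS"
    if dst_port == 80:
        return "Portal-L4CLASS"
    return None


def expand_redirect(template, host, path):
    # ACE webhost-redirection: %h = Host header, %p = request path. The posted
    # template carries only %h, so whatever path the client asked for is dropped.
    return template.replace("%h", host).replace("%p", path)


def handle_request(url):
    """Return what the VIP does with a client request for the given URL."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    cls = classify(VIP, port)   # assumption: the hostname resolves to the VIP
    if cls == "Portal-L4CLASS":
        return {"action": "redirect", "status": REDIRECT_CODE,
                "location": expand_redirect(REDIRECT_TEMPLATE, u.hostname, u.path or "/")}
    if cls == "PORTAL-SSL-L4CLASS":
        # ssl-proxy terminates TLS; the clear-text request is balanced to port 80 rservers
        return {"action": "forward", "backend_port": BACKEND_PORT, "path": u.path or "/"}
    return {"action": "drop"}


def rewrite_location(location):
    """ssl url rewrite: an http:// Location header in a backend 3xx reply becomes
    https:// when the host matches the configured pattern (whole-host match assumed)."""
    u = urlsplit(location)
    if u.scheme == "http" and u.hostname and REWRITE_HOST_RE.fullmatch(u.hostname):
        return urlunsplit(("https", u.netloc, u.path, u.query, u.fragment))
    return location
```

Running the model against the two flows from the question shows that every clear-text request, /pkmslogin.form included, lands on /abc/wps/portal, while the HTTPS request is forwarded unchanged to the backend and only its Location headers are touched.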
1 Reply

mwinnett
Level 3

The configs look ok. Which s/w version are you running? Would it be possible to install Wireshark on one of the servers and get a trace of a failed connection? I don't see the reason for the ssl rewrite. The connections coming to policy-map Portal-Webseal are already ssl.

Matthew
