From: Farmingdale,NY, USA
Looks like your connecting to an ICA web page. Unfortunately, from looking at the ICA file on the Metaframe server, they are making you use UDP for ICA browsing. TO explain, for normal ICA connections, you use TCP port 1494 in order to connect to a Citrix Server. However, in order to connect to a published application (like through an ICA file), you need to use the Citrix ICA browser service. BAsically you contact the browser, and it will return a list of applications. There are two ways to setup the Citrix server. The first is to use the older, less secure UDP browsing. This requires you to open UDP port 1604 on your ISA server, as well as other higher ports (i'm not sure which ones because I have never used the UDP method - Check Citrix web site). The better way is to use the new ICA Browsing over TCP (TCPIP+HTTP). This is what my second article discusses.
It still doesnt' explain how the SecureNAT client connects, but the Firewall client does not. Are you sure that the SecureNAT client is not accessing the INternet via another path??? (thus bypasssing the ISA server totally?)
Try and give me some details of your ISa server, and i'll see if I can spot anything.