Wednesday, January 18, 2012

Cisco PIX access-list?

Do a "show access-list outbound". Make sure that the "access-list outbound permit tcp host 192.168.xx.xx" lines are before the deny commands. I sometimes make the mistake of adding lines to an access list without specifying "line" in the command, which causes the new access list entry to appear at the end of the list (after the "deny any" commands in your case).
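The ordering check described above can be automated. The following is an added example, not part of the original post: it parses text shaped like `show access-list outbound` output and reports permit entries that sit after a deny that already matches the same traffic. The sample output, addresses and function names are constructed for illustration, and the exact output layout is an assumption.

```python
import re

# Constructed sample shaped like "show access-list outbound" output.
# Addresses, ports and hit counts are placeholders, not from the original post.
SAMPLE = """\
access-list outbound; 4 elements
access-list outbound line 1 permit tcp host 192.168.10.5 any eq www (hitcnt=42)
access-list outbound line 2 deny tcp any any eq www (hitcnt=310)
access-list outbound line 3 deny ip any any (hitcnt=97)
access-list outbound line 4 permit tcp host 192.168.10.9 any eq www (hitcnt=0)
"""

ENTRY = re.compile(
    r"^access-list (\S+) line (\d+) (permit|deny) (\S+) (.*?)(?: \(hitcnt=\d+\))?$"
)

def parse(output, acl="outbound"):
    """Return the entries of one ACL in the order the firewall evaluates them."""
    entries = []
    for raw in output.splitlines():
        m = ENTRY.match(raw.strip())
        if m and m.group(1) == acl:
            entries.append({"line": int(m.group(2)), "action": m.group(3),
                            "proto": m.group(4), "match": m.group(5).strip()})
    return sorted(entries, key=lambda e: e["line"])

def shadowed_permits(entries):
    """List (permit_line, deny_line) pairs where an earlier 'any any' deny wins.

    Evaluation is first-match, so a permit placed after a covering deny never fires.
    Simplification: only denies with source and destination 'any' are considered,
    and port qualifiers are compared as text ('eq www' is not equated with 'eq 80').
    """
    findings, denies = [], []
    for e in entries:
        if e["action"] == "deny" and e["match"].startswith("any any"):
            denies.append(e)
        elif e["action"] == "permit":
            for d in denies:
                ports = d["match"][len("any any"):].strip()
                proto_covered = d["proto"] in ("ip", e["proto"])
                if proto_covered and (not ports or e["match"].endswith(" " + ports)):
                    findings.append((e["line"], d["line"]))
                    break
    return findings

if __name__ == "__main__":
    for permit_line, deny_line in shadowed_permits(parse(SAMPLE)):
        print(f"line {permit_line} permit is unreachable: line {deny_line} deny matches first")
```

A hit count that stays at zero on a permit entry listed after the denies is the same symptom seen from the firewall side.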
