I changed the global statement to another IP address and the PC was able to ping on the Internet. I also removed the inside route and the PC was still able to ping ... I am curious. Where did you find this information? I used: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v4/pixcfg/pixc ncfg.htm Pierre-Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of cheekin Sent: Wednesday, August 08, 2001 8:27 AM To: [EMAIL PROTECTED] Subject: Re: Can't ping outside of PIX [7:15205] I think you will need to give a different range of IP address for the global statement. The global statement and the outside interface are using the same ip address. I also think that the route inside statement is not necessary in this case. You can use sh route to display the routing table. PIX gurus, correct me if I am wrong. cheekin ----- Original Message ----- From: "Pierre-Alex" To: Sent: Wednesday, August 08, 2001 11:34 Subject: Can't ping outside of PIX [7:15205] > I have spent the all day on the problem below and I still can't see what I > did wrong. > > Can you help? > > The PC can ping the inside ip address of the firewall > The Firewall can ping the default-gateway and anything on the Internet > But I cannot get the PC to ping the outside IP address of the firewall > (208.136.247.214) > or anything outside like (206.26.90.8). > > > |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM > > PC (1): ip address 10.1.1.12 > subnet mask: 255.255.255.0 > default gateway: 10.1.1.10 > > PIX (2): ip adddress 10.1.1.10 > subnet mask: 255.255.255.0 > > PIX (3i ip address 208.136.247.214 > subnet mask: 255.255.255.0 > > DSL MODEM (4): ip address 208.136.247.1 > subnet mask: 255.255.255.0 > > > > PIX Version 4.0.7 > enable password 8Ry2YjIyt7RRXU24 encrypted > passwd kIQggKv8.UiICW/r encrypted > hostname pixfirewall > failover > names > syslog output 20.3 > no syslog console > interface ethernet outside 10baset > interface ethernet inside 10baset > ip address inside 10.1.1.10 255.255.255.0 > ip address outside 208.136.247.214 255.255.255.0 > arp timeout 14400 > global 1 208.136.247.214-208.136.247.214 > nat 1 0.0.0.0 0.0.0.0 > age 10 > no rip outside passive > no rip outside default > no rip inside passive > no rip inside default > route outside 0.0.0.0 0.0.0.0 208.136.247.1 1 > route inside 0.0.0.0 0.0.0.0 10.1.1.12 > timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00 > timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00 > no snmp-server location > no snmp-server contact > mtu outside 1500 > mtu inside 1500 > : end > [OK] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15316&t=15316 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]