Do the following: 1 - Make sure that testpc (10.250.77.3) is configured with the default gateway of the inside interface of the pix firewall which in this case is 10.250.77.1
2 - paste these commands in your pix firewall access-list aclout permit icmp any any access-list aclin permit icmp any any access-group aclin in interface inside If you did this then you will be able to ping from testpc to the inside interface of the pix firewall and vice versa. Something else I have noticed that you have little mistakes in your acl commands, Look here for example access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0 You are telling the Pix firewall to allow the packets to move from the 10.250.77.0 to 10.250.40 while this is allowed by default, the source address should be 10.250.4.0 255.255.255.0 and the destination should be 10.250.77.0 255.255.255.0 Also the access list name! It should be the same as the name in the access-group because you are binding your access group to aclout so all your access-list should be aclout. The command should be access-list oxfordhub permit ip 10.250.4.0 255.255.255.0 10.250.77.0 255.255.255.0 apply the same case for the other access-list commands access-list aclout permit ip 10.250.4.0 255.255.255.0 10.250.77.0 255.255.255.24 access-list aclout permit ip 10.250.3.0 255.255.255.0 10.250.77.0 255.255.255.0 access-list aclout permit ip 10.249.32.0 255.255.255.0 10.250.77.0 255.255.255.24 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]