Question : Cannot ping websites (by I.P. or by name) from PIX firewall (or PCs)

Recently, I noticed that none of the computers on my network can ping a website (by I.P. or by name).
For instance, none of us can ping yahoo.com (or 216.109.112.135) from inside the network. To complicate things further, we were able to do this a short time ago and I can think of nothing I have changed on the network that might have caused this.
I have a Cisco 515 PIX firewall that serves as the gateway between my network and the internet.
I also cannot ping websites from the PIX firewall (gateway) - which - to me - would explain why the PCs cannot ping.
I have an internet circuit provided by Sprint as well as a WAN circuit provided by Sprint (MPLS). Sprint manages the routers for both circuits, though I would be surprised if this is somehow related to a Sprint router.
Any ideas and suggestions are much appreciated.

Answer : Cannot ping websites (by I.P. or by name) from PIX firewall (or PCs)

Imagine the pix is a box and you are sitting in the middle of it.

The outside interface of the pix is on your left.
The inside interface is on your right.

Traffic can come into the pix through the outside interface and can go out through the outside interface.
Traffic can also come into the pix through the inside interface and can go out through the inside interface.
You can apply an acl to each of the four elements:
Traffic coming in through the outside interface
Traffic leaving through the outside interface
Traffic coming in through the inside interface
Traffic leaving through the inside interface

Looking at it from sitting inside the pix.....

You have made an access list called acl_in
If you are monitoring the traffic leaving the PIX (your box) then it is an out acl
If you are monitoring the traffic entering the PIX (your box) then it is an in acl

So imagine the four access-group statements.

access-group acl_in in interface inside     (traffic leaving the internal network into the pix)
access-group acl_in out interface inside    (traffic leaving the PIX heading for the LAN)
access-group acl_in in interface outside    (traffic coming in from the internet into the pix)
access-group acl_in out interface outside   (traffic leaving the internet heading from the pix)

You might say why have all of them?

What if you have a DMZ?
What if your acl says allow traffic to leave the dmz to the internet but not allow it from the internal network?
If you put the block on the outside interface, you would block the DMZ AND the internal network...
So instead of putting the ACL on the outbound PIX interface, you put it on the inbound internal interface

HTH
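As an added illustration of the placement the answer describes (a constructed example, not configuration from the thread, the original poster's PIX, or Cisco documentation), here is a three-interface PIX configuration that lets the DMZ reach the internet while restricting the internal LAN, by applying each ACL in the "in" direction of the interface the traffic enters rather than on the outside interface. It assumes PIX software 7.x (which accepts both `in` and `out` in `access-group` and the `extended` keyword; 6.x accepts only `in`), and the interface names, addresses and ACL names are made up for the example.

```cisco
! Constructed example: three interfaces, security levels as shown.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0

! DMZ may reach anything. Applied "in" on dmz, so it only ever sees traffic
! that entered the PIX from the DMZ segment.
access-list dmz_in extended permit ip 192.168.2.0 255.255.255.0 any
access-group dmz_in in interface dmz

! Internal LAN is restricted to web, DNS and outbound ping. Because this ACL
! sits on the inside interface's "in" direction, DMZ traffic never hits it;
! the same deny on the outside interface would have blocked the DMZ too.
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list inside_in extended permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list inside_in extended permit icmp 192.168.1.0 255.255.255.0 any echo
access-list inside_in extended deny ip any any
access-group inside_in in interface inside

! Outside: accept nothing the internet initiates. ICMP is not tracked like
! TCP/UDP unless ICMP inspection is enabled, so the replies to pings sent
! from inside have to be permitted explicitly on the outside "in" ACL.
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any unreachable
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
```

Two points worth keeping in mind when using this to check a real box: `show access-list` prints a hit count per line, so a climbing counter on a deny entry shows which ACL is dropping the traffic; and interface ACLs govern traffic passing through the PIX, not traffic the PIX itself sources, so a ping that fails from the PIX's own CLI is not explained by these lists and needs to be looked at separately (routing, the `icmp` interface command, or the upstream router).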