Do you have some kind of access-list denying outbound ICMP? The PIX does NOT block outbound ICMP (or anything, for that matter) in its out-of-the-box config. Look for conduit commands or access-list commands with deny in them for ICMP.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Boggan
Sent: Wednesday, February 04, 2004 4:58 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] OT: Network IP routing issue

Ok, here is something that is driving me nuts. We have internet access in our datacenter. Inside we have a 10.10.99.x IP scheme. We use a PIX firewall to do NAT from external IP to internal IP. We cannot ping or hit in any way the external IPs from inside.

For example, I have a webserver inside the firewall. From outside we can hit www.domain.com with no problems. But from inside we cannot hit www.domain.com or go to the external IP address.

Is there some kind of routing or some way to fix this? Not being able to hit those addresses can be a severe problem for some of our internal WAN clients.

Thanks,
_________________________________
Michael Boggan
Network Engineer/Citrix Admin
Virtual Desktop Inc.
Dallas, Texas
Ph: (972) 960-6400
Fax: (972) 960-6445
email: mboggan@xxxxxxxxxxx
http://www.virtualdesktopinc.com
_________________________________