Bosaloski

Unable to Ping Internet from server

I have a network with a SBS 2003 server and 5 clients.  I am using Bellsouth DSL as my Internet connection with a Cisco pix firewall between the DSL modem and my LAN.  The clients can ping and browse the LAN and Internet without any problems, but my server is the machine with the problem.  This problem started sometime late last month, but the server has been working fine for a year or so up until then.  The server can ping local machines, but it cannot ping or browse any websites on the Internet.  I know that there is a problem with my server only because my clients work just fine getting to the Internet.  I thought it might be a DNS issue, but because I can't even ping websites and the fact that my clients are using the server as a DNS server and can get to the Internet then it is not a DNS issue.  I have tried to run a recursive query from my DNS server and of course it failed.  I feel something may be blocking the ping requests from my server, so I checked the firewall on my server.  I am using Trend Micro's Client/Server Messaging firewall.  Windows firewall is turned off and the service is stopped.  I have stopped the Trend firewall service, but I get the same result when trying to ping the Internet.  I found out that the WWW Publishing service was not started and so I started it, but I still cannot ping to the Internet.  I can remote into my server, so I know there is not a problem with the network card.

I am at a loss as to what to check now.  Any suggestions or advice would be greatly appreciated.  Thanks for any help you can give.
SBS, TCP/IP, DNS

cdbeste

Maybe there is a rule on the Cisco blocking your server IP.
evan021702

Your server may have come with Internet and Security Acceleration (ISA) Server installed since it is SBS.  Check to see if that is installed.  If so, you will either need to uninstall it or add rules to allow ping to/from external addresses.
Bosaloski

ASKER

The Cisco is not blocking the server.  The clients can browse the Internet.  Also, I have looked at the configuration and it is good.  Also, there have been no changes on the pix since last month.

I apologize for not telling you which SBS I have.  It is actually SBS 2003 standard.  There is no ISA firewall installed on the server.  Thanks for your ideas.
bkepford

Can you post an ipconfig /all for both your PCs and your server?
Your hunch seems right about the DNS. If you are running Active Directory, your server needs to use itself as the DNS server, and then in the DNS server properties there is a forwarder tab; you need to put the provider's DNS servers there.
evan021702

You can also test the DNS.  Open a command prompt and type nslookup.  Do a lookup for a known website such as google.com or yahoo.com.  If you get a timeout error, try pinging an external site by the IP address and not the DNS name.  Here is google.com's open external address: 64.233.167.147.
Also, what type of DSL modem was supplied?  I have had issues with the 2Wire modems with built-in firewalls.
Don S.

Is the default gateway address on your server correct?  (pointing at the Cisco firewall?)
Bosaloski

ASKER

The nslookup failed when using Google's IP address.  Nslookup said "DNS request timed-out" and "Request to servername.domainname.local timed-out".  

The default gateway is set to the Cisco Pix firewall.

The ipconfig /all for the server is:
DHCP Enabled? No
IP address:  192.168.12.10
Subnet mask:  255.255.255.0
Default Gateway:  192.168.12.1
DNS Servers:  192.168.12.10
                        205.152.37.23
                        205.152.132.23
WINS               192.168.12.10

The client machines ipconfig /all is:
DHCP Enable? Yes
IP address:  192.168.12.1xx
Subnet Mask:  255.255.255.0
Default Gateway: 192.168.12.1
DNS Servers:  192.168.12.10
                         205.152.132.23
                         205.152.37.23
WINS Server:   192.168.12.10

If the client machines use only the local server as the DNS server, then they cannot surf the Internet, but can still ping websites.  When the server uses only the Bellsouth DNS servers it still cannot surf the Internet, nor can it ping websites by name or IP address.

The DSL modem is a Netopia from Bellsouth, but it is not the culprit.  If it was then no one could get to the Internet even with the Bellsouth DNS servers.  Also, no changes have been made to the DSL modem since it was installed.
Bosaloski

ASKER

Right now, the server only has the Bellsouth DNS servers in its IP properties.  I tried pinging the Bellsouth DNS server and got  1 reply.  I tried it again and got 3 replies.  I tried it a few more times and got no replies (all "Request timed out").
evan021702

Just to rule out the PIX, I would take a laptop and plug it directly into the DSL modem.  Assuming you have a dynamic IP from Bellsouth, just wait for it to connect when you plug in the ethernet card and do some testing from there (ping, nslookup, etc.).  If everything works from there, make sure you have fixup protocol dns in your PIX.  Then try nslookup from your server/workstations again.  nslookup should default to your 192.168.12.10 address, but you can also test the secondary DNS by typing server 205.152.132.23 or server 205.152.37.23 .  
Would you mind posting your PIX config?
Bosaloski

ASKER

Hooked up my laptop directly to the DSL modem.  Could get to the Internet, ping passed, and nslookup passed.  I did the same thing with my laptop and the Cisco PIX.  The laptop got an internal IP address from the DHCP server (the SBS server).  All of the tests passed.  The fixup protocol dns maximum-length 512 command is in the pix configuration.

Ping and nslookup still fail on server only.  I have been running a ping -t command to Bellsouth's DNS server and about 15% of the pings actually get replies.  The others get Request timed out.  When I do get a reply it comes in groups.  I usually get about 12 - 15 replies in a row and then it goes back to Request timed out.  

Here is my pix configuration:


PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 5KdS6c1u9S3qp4.F encrypted
passwd 5KdS6c1u9S3qp4.F encrypted
hostname HTFfirewall
domain-name Hi-TekFlooring.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit icmp any any
access-list inbound permit tcp any host public IP address eq https
access-list inbound permit tcp any host public IP address eq smtp
access-list inside_outbound_nat0_acl permit ip any 192.168.12.64 255.255.255.192

pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside public IP address 255.255.255.248
ip address inside 192.168.12.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN_POOL 192.168.12.90-192.168.12.99
pdm location 192.168.12.10 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.12.64 255.255.255.192 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) public IP address 192.168.12.10 netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 public IP address 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.12.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
snmp-server host inside 192.168.12.10
snmp-server location Hi-Tek Flooring
snmp-server contact KMK Technologies 843.965.5658
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
telnet 192.168.12.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
management-access inside
console timeout 0
vpdn group PPTP-VDPN-GROUP accept dialin pptp
vpdn group PPTP-VDPN-GROUP ppp authentication mschap
vpdn group PPTP-VDPN-GROUP ppp encryption mppe auto required
vpdn group PPTP-VDPN-GROUP client configuration address local VPN_POOL
vpdn group PPTP-VDPN-GROUP client configuration dns 192.168.12.10
vpdn group PPTP-VDPN-GROUP client configuration wins 192.168.12.10
vpdn group PPTP-VDPN-GROUP pptp echo 60
vpdn group PPTP-VDPN-GROUP client authentication local
vpdn username mhaidary password *********
vpdn username KMKAdmin password *********
vpdn username bookkeeper password *********
vpdn username mansour2 password *********
vpdn enable outside
dhcpd address 192.168.12.205-192.168.12.236 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:6fdc5f91c7eeefaad67ad00a29e7b9fc
: end

I have reviewed the pix configuration and can find nothing wrong with it.

Thanks for your help.
ASKER CERTIFIED SOLUTION
evan021702
Bosaloski

ASKER

The problem is not with the Cisco pix.  I have done some more testing, such as using another cable in another port on the switch, using a USB network card, and using a different IP address.  My results were that the different cable and switch port made no difference.  I still could not ping or browse the Internet.  When I used another network card, I could ping and browse the Internet as long as I used another IP address than 192.168.12.10.  When I used another IP address on the server's network card other than the existing one (192.168.12.10), I could consistently ping the web and browse the web.  However, my DHCP server went down and I could not access my Trend Micro Security Dashboard because it is tied to the server's previous IP address.  Even though I could go online, my recursive test in my DNS server would fail.  I have reset the IP address to 192.168.12.10 on the server's network card and now the recursive test in the DNS server says Pass, my DHCP server is back online, I can access my Security Dashboard, but I cannot ping the Internet nor browse it.  The ping to the Internet will get a response about 15% of the time.

There is a problem with the IP address of 192.168.12.10, but I am unsure why only that 1 IP address is having a problem.  If anyone has heard of this kind of problem or has a solution, please let me know.  Right now, I am perplexed.  Thanks again.
evan021702

You may have a Winsock issue or a problem with the registry keys associated with that networking component.  Please review this article from Microsoft and then try running netdiag /test:winsock after you have installed netdiag.  If any portion of the test fails, then the Winsock registry entry is corrupt.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B811259
However, if you have to remove the corrupt Winsock, you will have to reinstall the TCP/IP protocol on the network adapter.
Bosaloski

ASKER

Thanks for the suggestion.  I was starting to wonder if it could be a winsock issue.  I ran the netdiag test and all of the tests passed.  I will have to keep researching the problem.  Thanks.
evan021702

Have you checked the local routing table on the Server to be sure there are not bad entries (open command > type route print)?
Have you had any Windows updates install around the time that this all started occurring?  I have seen plenty of times a KB hose up things.
Bosaloski

ASKER

evan021702,

I thought it might be an update.  I have seen where an update stopped all emails from coming in on one SBS server I set up.  While I was eating lunch, I thought about how it was just 192.168.12.10 that was affected, so I decided to look at everything that might mention the IP address of 192.168.12.10.  The DSL modem did not have any mention of that IP address.  I remembered that you mentioned about the static statement in my Cisco PIX, so I went over my configuration again.  This time I decided to try your suggestion about removing the existing static comment and adding the 2 new static comments.  Once I did that, saved the new config, and rebooted the PIX, all of the pings to Bellsouth's DNS server started working.  I would have sworn that the PIX was not the problem.  Good thing I'm not a betting man.

Will the new static statement let the PIX know where to send email  to the server (192.168.12.10)?  Thanks for all of your help.  I really appreciate it.
evan021702

Yes, your email should still work.  However, feel free to test just to be sure.
Even Cisco shows your PIX configuration as correct; however, I have always just done it this way so that I am sure that nothing unintentional is statically mapped to my servers.  Only the ports you specify will be mapped for each static statement input.
Glad it worked!!!
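
An added example, not part of the original thread: Python that compares which inbound flows reach 192.168.12.10 under a one-to-one static and under two port-specific statics, which is the point of the last reply. The 203.0.113.10 address, the sample configs and all function names are constructed for illustration; the static statements from the members-only solution are not shown on this page, and the parser assumes every ACL entry belongs to the outside inbound ACL and that port names are spelled the same in the ACL and the static.

```python
import re

# Constructed PIX 6.3 samples; 203.0.113.10 is a documentation address
# standing in for the redacted "public IP address" in the posted config.
ACL = """access-list inbound permit icmp any any
access-list inbound permit tcp any host 203.0.113.10 eq https
access-list inbound permit tcp any host 203.0.113.10 eq smtp
"""
ONE_TO_ONE = ACL + (
    "static (inside,outside) 203.0.113.10 192.168.12.10 netmask 255.255.255.255 0 0\n")
PORT_ONLY = ACL + (
    "static (inside,outside) tcp 203.0.113.10 https 192.168.12.10 https netmask 255.255.255.255 0 0\n"
    "static (inside,outside) tcp 203.0.113.10 smtp 192.168.12.10 smtp netmask 255.255.255.255 0 0\n")

def parse_statics(config):
    """Yield (proto, global_ip, port, local_ip); port is None for a one-to-one static."""
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "static":
            continue
        if tok[2] in ("tcp", "udp"):   # static (if,if) tcp global gport local lport ...
            yield tok[2], tok[3], tok[4], tok[5]
        else:                          # static (if,if) global local ...
            yield "ip", tok[2], None, tok[3]

def parse_permits(config):
    """Yield (proto, dest, port) for 'permit <proto> any ...' entries (assumed outside ACL)."""
    pat = re.compile(r"access-list \S+ permit (\S+) any (?:any|host (\S+))(?: eq (\S+))?")
    for line in config.splitlines():
        m = pat.match(line)
        if m:
            yield m.group(1), m.group(2) or "any", m.group(3)

def reachable(config):
    """Map each inside host to the (proto, port) pairs that an ACL entry
    permits and a static statement translates to it."""
    result = {}
    for s_proto, glob, s_port, local in parse_statics(config):
        pairs = result.setdefault(local, set())
        for proto, dest, port in parse_permits(config):
            if dest not in ("any", glob):
                continue
            if s_port is None:         # one-to-one: every permitted flow is forwarded
                pairs.add((proto, port or "any"))
            elif proto in (s_proto, "ip") and port in (None, s_port):
                pairs.add((s_proto, s_port))  # port static: only this port is forwarded
    return {host: sorted(p) for host, p in result.items()}
```

With the one-to-one static, the `permit icmp any any` entry also reaches the server; with the port-specific statics only https and smtp do, whatever else the ACL later permits.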