Random website connection attempts dropped

I occasionally do work on the side for my old boss at my old company.  Long story short, they still have the old Pix 515 that was setup many years ago.  It was last upgraded to version 6.2.  Recently they switched over to a new ISP and had another company come in and configure the Pix with the new address scheme.  

Since that time they've found that certain web sites they go to will show up as unable to be displayed.  Some web sites work, some don't.  So far I've remoted in to a server there to compare what they get to what I get at home.  I thought it may be a DNS issue but the nslookups are the same at both locations for all web sites.  

I went in and hooked a laptop on the outside of the Pix and was able to get to the web site just fine.  The problem is going through it.  What I have noticed from the 3 web sites he gave me is they all started with a 216 address, the same as their network.  He hasn't gotten me all the url's yet.  

Following is the config.  It needs to be cleaned up.  The network was a 192 and was switched to a 10.  The conversion never completed before the company was sold off into many divisions.  Anyway, here is the config

PIX Version 6.2(2)                  
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
nameif ethernet2 dmz1 security50                                
nameif ethernet3 intf3 security15                                
nameif ethernet4 intf4 security20                                
nameif ethernet5 intf5 security25                                
enable password Z5fhsnk.Uhr.xAh3 encrypted                                          
passwd Z5fhsnk.Uhr.xAh3 encrypted                                
hostname VPIFW1              
domain-name vpicorp.com                      
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol ils 389                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol sip 5060                      
fixup protocol skinny 2000                          
no fixup protocol http 80                        
no names                              
pager lines 22              
logging on          
logging timestamp                
logging buffered debugging                          
logging trap informational                          
logging host inside                                
logging host inside                                
interface ethernet0 auto                        
interface ethernet1 auto                        
interface ethernet2 auto                        
interface ethernet3 auto shutdown                                
interface ethernet4 auto shutdown                                
interface ethernet5 auto shutdown                                
mtu outside 1500                
mtu inside 1500              
mtu dmz1 1500            
mtu intf3 1500              
mtu intf4 1500              
mtu intf5 1500              
ip address outside 216.xxx.xxx.xxx                                          
ip address inside 10.x.x.x                                      
ip address dmz1 172.x.x.x                                      
ip address intf3                                          
ip address intf4                                          
ip address intf5                                          
ip audit info action alarm                          
ip audit attack action alarm                            
failover timeout 0:00:00                        
failover poll 15                
failover ip address outside 216.x.x.x                                      
failover ip address inside 10.x.x.x                                  
failover ip address dmz1 172.x.x.x                                
failover ip address intf3                                
failover ip address intf4                                
failover ip address intf5                                
pdm history enable                  
arp timeout 14400                
global (outside) 1 216.xxx.xxx.xxx netmask                                                        
global (dmz1) 1 172.x.x.x                          
nat (inside) 1 0 0                                  
nat (dmz1) 1 0 0                                
static (inside,outside) 216.xxx.xxx.xxx 10.x.x.x   netmask 0 0                                                                            
static (inside,outside) 216.xxx.xxx.xxx 10.x.x.x   netmask 0 0                                                                            
conduit permit tcp host 159.x.x.x                                    
conduit permit tcp host 90.x.x.x eq 23202 any                                              
conduit permit tcp host 172.x.x.x eq 450 any                                              
conduit permit udp host 172.x.x.x eq syslog any                                                  
conduit permit icmp any any echo-reply                                      
conduit permit icmp any any unreachable                                      
conduit permit icmp any any time-exceeded                                        
conduit permit icmp any any                          
conduit permit tcp host 216.xxx.xxx.xxx eq www any                                                
conduit permit tcp host 216.xxx.xxx.xxx eq 81 any                                                
conduit permit tcp host 216.xxx.xxx.xxx eq 1723 any                                                  
conduit permit tcp host 216.xxx.xxx.xxx eq https host 207.x.x.x                                                              
conduit permit tcp host 216.xxx.xxx.xxx eq https host 129.x.x.x                                                        
conduit permit tcp host 216.xxx.xxx.xxx eq https host 129.x.x.x                                                              
conduit permit tcp host 216.xxx.xxx.xxx eq 500 host 207.x.x.x                                                            
conduit permit tcp host 216.xxx.xxx.xxx eq 500 host 129.x.x.x                                                          
conduit permit tcp host 216.xxx.xxx.xxx eq 4500 host 207.x.x.x                                                            
conduit permit tcp host 216.xxx.xxx.xxx eq 4500 host 129.x.x.x                                                              
conduit permit tcp host 216.xxx.xxx.xxx eq 3389 any                                                  
conduit permit tcp host 216.xxx.xxx.xxx eq 47 any                                                
conduit permit gre host 216.xxx.xxx.xxx any                                          
conduit permit tcp host 216.xxx.xxx.xxx eq 47 any                                                
conduit permit tcp host 216.xxx.xxx.xxx eq 3389 any                                                  
outbound  10 permit 172.x.x.x 0 ip                                              
outbound  10 permit 80 tcp                                          
outbound  10 permit 25 tcp                                          
outbound  10 permit 110 tcp                                          
outbound  10 permit 23 tcp                                          
outbound  10 permit 21 tcp                                          
outbound  10 permit 53 tcp                                          
outbound  10 deny 80 tcp                                                    
apply (inside) 10 outgoing_src                              
route outside 1                                              
timeout xlate 1:30:00                    
timeout conn 1:00:00 half-closed 0:10:00 udp 0:00:00 rpc 0:10:00 h323 0:05:00 si                                                                                
p 0:30:00 sip_media 0:02:00                          
timeout uauth 0:00:00 absolute                              
aaa-server TACACS+ protocol tacacs+                                  
aaa-server RADIUS protocol radius                                
aaa-server LOCAL protocol local                              
http server enable                  
http outside                                      
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set authenc esp-des esp-md5-hmac
isakmp enable outside
isakmp key ******** address netmask
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
telnet xxx.xxx.xxx.xxx outside
telnet 192.x.x.x inside
telnet inside
telnet timeout 50
ssh xxx.xxx.xxx.xxx outside
ssh timeout 15
terminal width 200

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It's showing as a class A network.. ip address outside 216.xxx.xxx.xxx  so it thinks that everything that is 216.x.x.x is its own network.  This should probably be class C at best and even subnetted down further.. you need to get the proper settings from the ISP.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
>ip address outside 216.xxx.xxx.xxx  
This mask is incorrect.
It should be at best
FLPeopleAuthor Commented:
It's good to have a pair of eyes that knows what it is looking for.  

Thank you
FLPeopleAuthor Commented:
Thank you both.  I hopped on and checked it right after DM's response.  It's been a long time since I've done anything Cisco and I verified the external address was OK but never looked there, this makes sense since a lone time ago the address used to be a 65. address.

 I never thought to look there as there is so much cleanup needed for this config I overlooked this section.  I took all the naming lines out that are at that point in the config.  I set up names at first and realized I didn't like them.  Never took them out.  I just took it out when I pasted it to remove stuff that wasn't needed.  

Again, thank you both for your quick and accurate responses.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.