OmarSenussi
CISCO PIX 501 suspected of malfunction

Hello everyone
I have posted the main part of my problem in the SBS area, but I would like some input from you PIX experts! I am not great on PIX so I'm not sure if there is anything in my config which is preventing clients from accessing the internet since our DSL modem/router died.
link is here
https://www.experts-exchange.com/questions/26606614/SBS-2008-clients-hhave-no-internet-access-after-router-died-Server-can-browse-email-lan-acces-normal.html
any help appreciated
MikeKane

I read through the post.

Here are my thoughts....
#1 - If the Zyxel was broken / replaced with the same configs, then nothing should have changed on the inside and all should still be working. Was the PIX fiddled with during troubleshooting? If so, do you have a copy of the original working config? We could easily compare the 2.

#2 - The access lists were up for much discussion. The only ACL there controls inbound traffic to the network. All outbound traffic is allowed.
>>access-group acl_group in interface outside

#3 - You are natting all inbound traffic outbound on the PIX.
>>global (outside) 1 interface
>>nat (inside) 1 0.0.0.0 0.0.0.0 0 0

So any inside PC should be able to get NAT'd and be sent outbound. If this is not happening, then check these on the PIX command line.

>clear xlate
That will remove all current NATs. Now try getting outbound.
>show xlate
This will show the current NATs and you should see 1 for the PC you are testing from.

If the nat is there then you should have communication outbound.

OmarSenussi (ASKER)

Thanks Mike,

As far as I am aware the PIX was not fiddled with at all except before the problem happened, and that was only to allow inbound traffic on the ports mentioned for RWW and Outlook Anywhere. I also removed the lines that were directing traffic from the now defunct SMTP and HTTPS feed on 217.36.14.220.

There is no NAT on the Zyxel router/modem so I am relying on the PIX to fulfil that function.

this is the current status

pixfirewall> enable
Password:
pixfirewall# show xlate
20 in use, 67 most used
PAT Global 217.36.14.221(3821) Local 192.168.0.23(1938)
PAT Global 217.36.14.221(3820) Local 192.168.0.16(3729)
PAT Global 217.36.14.221(3823) Local 192.168.0.23(1939)
PAT Global 217.36.14.221(3822) Local 192.168.0.16(3730)
PAT Global 217.36.14.221(3817) Local 192.168.0.23(1937)
PAT Global 217.36.14.221(3819) Local 192.168.0.11(1945)
PAT Global 217.36.14.221(3818) Local 192.168.0.11(1944)
PAT Global 217.36.14.221(3829) Local 192.168.0.16(3734)
PAT Global 217.36.14.221(3828) Local 192.168.0.23(1942)
PAT Global 217.36.14.221(3831) Local 192.168.0.23(1951)
PAT Global 217.36.14.221(3830) Local 192.168.0.23(1943)
PAT Global 217.36.14.221(3825) Local 192.168.0.11(1948)
PAT Global 217.36.14.221(3824) Local 192.168.0.23(1941)
PAT Global 217.36.14.221(3827) Local 192.168.0.16(3733)
PAT Global 217.36.14.221(3826) Local 192.168.0.11(1949)
PAT Global 217.36.14.221(3832) Local 192.168.0.23(1952)
PAT Global 217.36.14.221(1) Local 192.168.0.13(123)
Global 217.36.14.210 Local 192.168.0.50
PAT Global 217.36.14.221(2) Local 192.168.0.13(500)
PAT Global 217.36.14.221(1024) Local 192.168.0.27(3076)
pixfirewall#

I cannot get to a PC right now to try and connect. I'll try tomorrow. Does the above tell you anything?

Thanks for your help.. Omar
The only thing I can tell from that is that there are various machines on 192.168.0.x using the 217.36.14.221 IP for outbound NAT (I assume that's the interface IP). And that there is a static 1 to 1 for 192.168.0.50 to 217.36.14.210

From this it looks like outbound NAT is working.

Thanks.. this is the result of connecting.. or attempting! to connect a client as you requested..
So if NAT'ing is OK.. what on earth is stopping the browsing?? I'm at a loss!!

I thought I might hook up the old server over the weekend and see if that still works with a client attached.. have a nice weekend!

pixfirewall# show xlate
13 in use, 67 most used
PAT Global 217.36.14.221(14517) Local 192.168.0.11(1069)
PAT Global 217.36.14.221(14516) Local 192.168.0.11(1067)
PAT Global 217.36.14.221(14519) Local 192.168.0.11(1072)
PAT Global 217.36.14.221(14518) Local 192.168.0.11(1070)
PAT Global 217.36.14.221(14513) Local 192.168.0.11(1065)
PAT Global 217.36.14.221(14512) Local 192.168.0.105(1771)
PAT Global 217.36.14.221(14515) Local 192.168.0.23(4632)
PAT Global 217.36.14.221(14514) Local 192.168.0.19(3715)
PAT Global 217.36.14.221(14521) Local 192.168.0.23(4633)
PAT Global 217.36.14.221(14520) Local 192.168.0.19(3716)
Global 217.36.14.210 Local 192.168.0.50
PAT Global 217.36.14.221(33) Local 192.168.0.13(123)
PAT Global 217.36.14.221(1026) Local 192.168.0.27(3076)
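As an added example (not code from the thread or from Cisco), here is a small Python parser for the `show xlate` output format quoted above. It automates the check Mike asked for: whether a given inside host has a translation, and whether that translation is PAT to the interface address or a static one-to-one. The sample lines are constructed in the same format as the output posted in this thread.

```python
import re
from collections import defaultdict

# The two xlate line shapes seen in the PIX output above:
#   PAT Global 217.36.14.221(3821) Local 192.168.0.23(1938)
#   Global 217.36.14.210 Local 192.168.0.50
PAT_RE = re.compile(r"^PAT Global (\S+)\((\d+)\) Local (\S+)\((\d+)\)$")
STATIC_RE = re.compile(r"^Global (\S+) Local (\S+)$")


def parse_xlate(text):
    """Return one dict per translation line; the 'N in use' header and prompts are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = PAT_RE.match(line)
        if m:
            entries.append({"type": "PAT", "global": m.group(1), "gport": int(m.group(2)),
                            "local": m.group(3), "lport": int(m.group(4))})
            continue
        m = STATIC_RE.match(line)
        if m:
            entries.append({"type": "static", "global": m.group(1), "gport": None,
                            "local": m.group(2), "lport": None})
    return entries


def translations_for(entries, local_ip):
    """All current translations for one inside host (empty list means it never reached the PIX)."""
    return [e for e in entries if e["local"] == local_ip]


def summarize(entries):
    """Count translations per inside host to see which PCs are actually being NAT'd."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["local"]] += 1
    return dict(counts)


# Constructed sample in the format of the thread's "show xlate" output.
SAMPLE = """\
13 in use, 67 most used
PAT Global 217.36.14.221(14517) Local 192.168.0.11(1069)
PAT Global 217.36.14.221(14516) Local 192.168.0.11(1067)
PAT Global 217.36.14.221(14512) Local 192.168.0.105(1771)
Global 217.36.14.210 Local 192.168.0.50
PAT Global 217.36.14.221(33) Local 192.168.0.13(123)
"""

if __name__ == "__main__":
    ents = parse_xlate(SAMPLE)
    # An xlate only proves the inside host reached the PIX and was translated outbound;
    # it says nothing about whether return traffic makes it back (upstream routing, DNS).
    print(summarize(ents))
    print(translations_for(ents, "192.168.0.50"))
```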
ASKER CERTIFIED SOLUTION
MikeKane
Hi Mike,
I thought I'd said in the other post, I'm unable to ping any outside addresses from the Cisco interface. This has started since this situation arose. I can ping any number of internal addresses and they can ping the internal interface on the PIX.

nslookup on the server reports default server unknown, which is strange! I have the forwarders in place.

Can You See Me gives the right IP but says
Error: I could not see your service on 217.36.14.210 on port (80)
From server:
C:\Users\Omar>nslookup www.google.com
Server:  UnKnown
Address:  fe80::8da:709:ecce:d11c

Non-authoritative answer:
Name:    www.l.google.com
Address:  173.194.37.104
Aliases:  www.google.com
I'll try to get on to a client and run from there
Thanks again
SOLUTION
I have a range of 16 IPs, one I have assigned to the inside of the router/modem, another to the outside of the PIX. I have pointed remote.company.co.uk to a third IP and have directed my SMTP feed to that address, and email is coming in OK and going out.
DSL modem is acting purely as a modem: NO NAT, no DHCP, no firewall.

I just spent some time talking to the ISP... transpires someone (God bless him/her) gave me some information which was plain wrong, because they assumed, probably, that I had just ONE fixed IP! So anyway the clients now connect and I can get on with some useful work again!

Thank you so much for your patience and invaluable pushing in the right direction.

I'm going to split the points.. As nobody else came in with you on this one.. you get them all for this post! Many thanks