Test network connectivity


  1. Enter configuration mode and start the debug icmp trace command to monitor ping results through the firewall. In addition, start syslog logging with the logging buffered debugging command to check for denied connections or ping results. The debug messages display directly on the console session. You can view syslog messages with the show logging command.

    Before using the debug command, use the who command to see if there are any telnet sessions to the console. If the debug command finds a telnet session, it automatically sends the debug output to the telnet session instead of the console.

  2. Ping from the firewall to a host or router on each interface. For example:

    ping inside 192.168.0.2
    ping dmz1 192.168.1.2
    ping dmz2 192.168.2.2
    ping dmz3 192.168.3.2
    ping dmz4 192.168.4.2
    ping outside 192.150.50.2

    Then ping the PIX Firewall interfaces from the hosts or routers.

    Ping the firewall's outside interface: ping 192.150.50.1

    If the pings are not successful, check the debug messages, which should have been displayed on the console.

To fix unsuccessful pings:

  1. Make sure you have a default route command for the outside interface:

    route outside 0 0 192.150.50.2

  2. Use the show conduit command to ensure that the conduit permit icmp any any command is in the configuration. Add this command if not present.

  3. Except for the outside interface, make sure that the host or router on each interface has the firewall as its default gateway. If so, set the host's default gateway to the router and set the router's default route to the firewall.
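
The first two checks above can be run against a saved copy of the configuration. The script below is an added example, not part of the original page or any Cisco tooling; it goes one step further than the text by also confirming that the default-route gateway lies on the outside interface's subnet. The sample configuration is constructed, and the `ip address` lines and 255.255.255.0 masks in it are assumptions.

```python
import ipaddress

# Constructed sample configuration (interface masks are assumed).
SAMPLE_CONFIG = """\
ip address outside 192.150.50.1 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
route outside 0 0 192.150.50.2
conduit permit icmp any any
"""

ZERO = {"0", "0.0.0.0"}  # "0" abbreviates 0.0.0.0 in route commands


def check_ping_prereqs(config):
    """Return a list of problems found; an empty list means the checks pass."""
    problems = []
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]

    # Collect interface addresses: "ip address <interface> <addr> <mask>"
    nets = {}
    for t in lines:
        if t[:2] == ["ip", "address"] and len(t) >= 5:
            nets[t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}")

    # Fix step 1: "route outside 0 0 <gateway>"
    gateways = [t[4] for t in lines
                if len(t) >= 5 and t[:2] == ["route", "outside"]
                and t[2] in ZERO and t[3] in ZERO]
    if not gateways:
        problems.append("no default route on the outside interface")

    # Added check: the gateway must be a neighbour on the outside subnet.
    outside = nets.get("outside")
    for gw in gateways:
        if outside is None:
            break
        if ipaddress.ip_address(gw) == outside.ip:
            problems.append(f"gateway {gw} is the firewall's own address")
        elif ipaddress.ip_address(gw) not in outside.network:
            problems.append(f"gateway {gw} is not on the outside subnet")

    # Fix step 2: the conduit that lets ICMP through must be present.
    wanted = ["conduit", "permit", "icmp", "any", "any"]
    if not any(t[:5] == wanted for t in lines):
        problems.append("conduit permit icmp any any is missing")
    return problems


if __name__ == "__main__":
    for p in check_ping_prereqs(SAMPLE_CONFIG) or ["all checks passed"]:
        print(p)
```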