07-09-2003 11:40 AM - edited 02-20-2020 10:50 PM
We are given just one IP from a wireless ISP. Can we use it for both the outside interface on the 501 PIX as well as for PAT?
Does the PIX 501 support this?
07-09-2003 11:59 AM
Yes, the PIX supports this; it will look like this...
ip address outside 192.168.1.1
global (outside) 1 interface
Hope that helps...
07-10-2003 08:16 AM
THANKS for your reply.
I tried it, it worked, but a new problem arose.
When I typed in the above command, I got the PIX error:
fgsagfsfg(config)# global (outside) 1 interface
Warning: Start and End addresses overlap with broadcast address.
outside interface address added to PAT pool
It does accept the command, but that may be part of the problem?
Pix 501 with config below, IP/secure data changed of course.
Pix 501 in an office with 35 computers. Pix replaced Netsonic last night in same wiring config. This AM roughly 5-10 people get excellent internet access, BUT others, apparently random, cannot do DNS lookups to the ISP DNS server. They can't ping or do nslookup on the DNS server. It's "gone". Failed DNS access "rotates" amongst users.
Show xlate
shows PAT successfully resolving names. They do timeout quickly though.
I then replace PIX with old SonicWall, instant fix, DNS=perfect. Internet access=perfect.
What is the 501 Pix doing with DNS and/or UDP and/or ICMP?
Clues? Hints? Ideas? Xlate timeout issues? Thanks for ANY help!
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname gsggswrtgert
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list 110 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 116.166.249.100 255.255.255.240
ip address inside 10.0.0.200 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.0.1.1-10.0.1.254
pdm location 24523452 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 116.166.249.97 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community rergewrgwsgqa
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpn
crypto map canton 1 ipsec-isakmp
crypto map canton 1 match address 110
crypto map canton 1 set peer 116.166.249.101
crypto map canton 1 set transform-set vpn
crypto map canton 5 ipsec-isakmp dynamic dynmap
crypto map canton interface outside
isakmp enable outside
isakmp key ******** address 116.166.249.101 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 1000
vpngroup msipeoria address-pool ippool
vpngroup msipeoria dns-server 10.0.0.2
vpngroup msipeoria wins-server 10.0.0.9
vpngroup msipeoria default-domain ewrgtwergtwrgq
vpngroup msipeoria password 525345wewe
ssh timeout 5
terminal width 80
: end
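An added example, not part of any post in this thread: a Python check of the addressing facts behind the posted configuration (each interface's subnet and broadcast address, whether the default gateway sits on the outside subnet, and whether every `global` pool id has a matching `nat` id). The config excerpt is copied from the post above; the function names `parse` and `check` are hypothetical.

```python
import ipaddress
import re

# Excerpt copied from the configuration posted above (addresses as sanitized by the poster).
CONFIG = """\
ip address outside 116.166.249.100 255.255.255.240
ip address inside 10.0.0.200 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 116.166.249.97 1
"""

def parse(config):
    """Collect interface addresses, default routes, and global/nat ids."""
    ifaces, routes, globals_, nats = {}, {}, set(), set()
    for line in config.splitlines():
        if m := re.match(r"ip address (\S+) (\S+) (\S+)$", line):
            ifaces[m[1]] = ipaddress.ip_interface(f"{m[2]}/{m[3]}")
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            routes[m[1]] = ipaddress.ip_address(m[2])
        elif m := re.match(r"global \(\S+\) (\d+) ", line):
            globals_.add(int(m[1]))
        elif m := re.match(r"nat \(\S+\) (\d+) ", line):
            nats.add(int(m[1]))
    return ifaces, routes, globals_, nats

def check(config):
    """Return a dict of addressing facts a reviewer would verify by hand."""
    ifaces, routes, globals_, nats = parse(config)
    report = {}
    for name, iface in ifaces.items():
        net = iface.network
        reserved = (net.network_address, net.broadcast_address)
        report[name] = {
            "network": str(net),
            "broadcast": str(net.broadcast_address),
            "ip_is_usable_host": iface.ip not in reserved,
            "gateway_on_subnet": routes[name] in net if name in routes else None,
        }
    # nat id 0 is the exemption rule and never pairs with a global pool
    report["nat_ids_without_global"] = sorted(nats - globals_ - {0})
    report["global_ids_without_nat"] = sorted(globals_ - nats)
    return report

if __name__ == "__main__":
    for key, value in check(CONFIG).items():
        print(key, value)
```
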