Thanks for your response. I don't have URL filtering nor Java blocking enabled. A web server is in DMZ and can access this one site without any problem and the other sites as well. But any other PCs inside a firewall can't access only this web site but the other web sites are okay. Hope more ideas from you. Thanks.

Security level for LAN interfaces is 100 while the DMZ is 50. Thanks.

Do you have any outbound access-lists configured limiting SSL, or is everything permitted?

You can access the website from your DMZ? What is the error message you get at the client -a simple timeout?

No outbound access-lists limiting SSL. Everything is permitted. Yes, I can access the web site from DMZ. Error message is a simple time-out, "Page cannot be displayed..."

Any ideas are appreciated. Thanks.

On a workstation from within the LAN, go out to the command prompt (if it is NT or UNIX) and do a

nslookup

make sure you get the same ip address returned as the webserver on the DMZ gets. What could be happening is a name-resolution problem rather than a firewall blocking issue.

Then do a tracert to make sure the packets are getting forwarded to the correct destination. You can also issue a trace from the PIX and see if it matches.

Thanks for your suggestions. You know, what I discovered recently, any web sites that are formatted in cfn can't be accessed by our PCs inside the firewall as against those in html format. Do you know how to modify the PIX to allow cfn formatted web sites to get in? The newer version of I.E. (I.E. 5.5 or 6.0) doesn't help.

Do you know how to allow any web pages with .cfml tag to get in, in the PIX-Firewall? It looks like the PIX is not allowing such format as compared to the regular html format. Thanks.