Your best bet to see if this is a connection issue is to enable syslogging and see if any packets on a particular port are being denied at the PIX. You can then open these up and see if that resolves the problem. To verify quickly whether it's the PIX at fault or not, just add a:
access-list outside_access_in permit ip any any
line so that you know the PIX is not blocking anything. If that resolves it then you know it's simply an access-list problem and the syslog should tell you what it is that needs to be opened. If it doesn't work after opening the PIX right up, then you know you need to look elsewhere.
For the BES to function correctly you need to allow ONLY TCP port 3101 outbound from your internal LAN i.e.
access-list inside permit tcp host any eq 3101
access-group inside in interface inside
If you are based in Europe then test from your BES server to see if you can connect to one of the Blackberry relay nodes i.e.
From your BES server (command prompt)
telnet srp.eu.blackberry.net 3101
If the above is not successful then I would suggest that you take out all your inside ACLs and test again. As you know, the PIX allows (by default) all inside connection out ? this should verify if there is a problem with your ACLs.
And also read the info provided by Glen on his post.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...