This issue occurs because a default route does not exist on the Cisco Secure PIX Firewall, or because NATting/PATting is not configured.
In order to resolve this issue, complete these steps:
Make sure the PIX has the routeoutside 0.0.0.0 0.0.0.0 command configured in order to direct all unknown traffic to the directly connected Ethernet port of the outside router.
Verify that the default gateway of the client is set to the inside interface of the PIX.
For pings to work, verify that there is an access-list statement applied to the outside interface that permits the Internet Control Message Protocol (ICMP) echo-replies back in through the PIX.
Verify that the PIX configuration has a translation, either a nat and a related global statement or a static statement, for the inside host. In order to check the translation, issue the show xlate command.
For example, in order to translate the 10.1.1.0/24 network on the inside interface, enter these commands: