One of the reasons that this problem can occur is due to the incorrect order of access-lists. The PIX/ASA applies the access rules, which depends on the order.
In order to allow traffic to pass through the PIX/ASA, you can create access-lists and apply them to a specific interface with the help of the access-groups command.
You can put all the permit statements first and then set the access-lists to deny
Actually, any access-list on an ASA/PIX/FWSM, or in IOS, already includes an implicit deny at the end of the list. This will deny any traffic not already permitted in previous rules. Of course, unless you've added "permit ip any any" to the end of the ACL.
You only need to add a final deny statement if you want to log denied traffic.