Troubleshooting and Performance Monitoring

This chapter introduces a troubleshooting methodology based on the OSI model. Knowledge is power! Knowing the various models of PIX firewalls and their capabilities is extremely important for troubleshooting. Although the PIX firewall supports a limited number of network types, familiarity with the cables used to connect to those networks is a useful asset in troubleshooting. The PIX firewall uses standard TIA/EIA-568A/B wiring schemes for 10/100 Ethernet, and SC multi-mode fiber optic cables for Gigabit Ethernet. The failover cable is an instance of a specialized function made possible by adhering to a stringent Cisco proprietary wiring scheme. The troubleshooting toolbox includes many Cisco commands, such as show xlate, show nat, and show global, all used to check translation configurations and operations. Other connectivity issues to troubleshoot involve ensuring that only the proper access is granted to certain external networks. IPsec is probably one of the most complex features ever configured on the PIX firewall, and troubleshooting it is equally complex. This chapter covers several of the most critical commands available for validating IPsec operation. Cisco provides an extremely useful packet capture and analysis tool in the form of the capture command. This command helps in troubleshooting networks remotely by enabling the capture and analysis of traffic on the networks connected to the PIX firewall, which reduces the need to install a third-party device on the target network to obtain information about it. The best troubleshooting practice is proactive monitoring to detect problems before they become unmanageable.