Hi

in addition to the earlier post while trying to ping from u r lan just give show ip nat translations in ur router and c whether u r getting any o/p in tht.

regds

Thank you for all help. I do have ip nat inside and ip nat outside. When I ping a puibli ip from the computer, I get time out. Here is whole configuration.

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname ciscodmz

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$o0ko$hXk18FTwq076pCcnKY0LY1

!

username ciscodmz privilege 15 password 7 00071A1507545A545C

clock timezone America/Regina -6

no aaa new-model

ip subnet-zero

no ip source-route

ip tcp synwait-time 10

ip domain name cisco.com

ip name-server 4.2.2.1

ip dhcp excluded-address 172.16.5.1 172.16.5.5

!

ip dhcp pool sdm-pool1

network 172.16.5.0 255.255.255.0

default-router 172.16.5.1

!

!

no ip bootp server

ip cef

ip audit notify log

ip audit po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

!

!

!

!

!

!

!

interface Ethernet0

description $FW_INSIDE$$ETH-LAN$

ip address 172.16.5.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

no cdp enable

!

interface Ethernet1

description $FW_OUTSIDE$$ETH-WAN$

ip address 68.17.43.208 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

duplex auto

no cdp enable

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip nat inside source list 1 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 68.17.43.193 permanent

ip http server

ip http authentication local

ip http secure-server

!

logging trap debugging

logging 172.16.5.1

access-list 1 permit 172.16.5.0 0.0.0.255

no cdp run

route-map SDM_RMAP_1 permit 1

match ip address 120

!

banner login ^CCCAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

!

scheduler max-task-time 5000

scheduler interval 500

!

end

I think the problem is with your ip nat inside source list 1 interface Ethernet0 overload statement. Change that to:

ip nat inside source list 1 interface Ethernet1 overload

Note that i have changed the interface to Ethernet1 from Ethernet0. You need to NAT to the public interface.

That is. My original configuration was ip nat inside source list 1 interface Ethernet1 overload. but it didn't work for some reasons, then I change to ip nat inside source list 1 interface Ethernet0 overload.

Thanks a lot.