04-20-2011 08:07 AM
Hi,
I can ping the DMZ interface from outside but I cannot ping the server connected to the DMZ. Please see the config attached.
Thanks
Labhesh
04-20-2011 12:25 PM
Can anybody help me with this issue, please?
04-20-2011 01:07 PM
Your untrust zone interface and your DMZ interface are using IP addresses in the same subnet -- that's not going to work.
You also have a Trust->Untrust policy that is a "permit all" at the top (id 1) and is going to shadow all your other 4 Trust->Untrust policies. That doesn't have anything to do with the problem you're asking about -- but it will be a problem for you later if you expect the policy logging on those other policies to work.
04-20-2011 02:01 PM
I have assigned 192.168.3.1/24 to the eth 0/1 interface and did a MIP to 75.99.134.74, which is eth 0/0.
I am attaching the new config.
What is the ideal solution to put my webserver in the DMZ?
Please help.
Thanks for replying.
04-20-2011 05:47 PM
It's hard to say what the ideal solution would be for you without knowing more about your environment and what your needs and goals are.
The MIP is a good starting point, but I would use one of the other IPs in the 75.99.134.72/29 (.72 - .79) address space that you apparently have allocated for your MIP instead of the firewall's interface IP.
04-21-2011 06:54 AM
I did assign a different external interface to map it to my webserver,
but my server still cannot access the internet. I am attaching the config file again.
04-21-2011 10:04 AM
Take the SRC-NAT off of your DMZ->Untrust policy (policy id 7).
Using a MIP, the firewall will handle NAT in both directions.
04-21-2011 11:48 AM
I took it off.
Also, my webserver connected to the DMZ has IP address 192.168.3.2 with gateway 192.168.3.1. Is that correct?
I still cannot access the internet.
04-21-2011 01:49 PM
I also see two default routes:
set route 0.0.0.0/0 interface ethernet0/0 gateway 75.99.134.73
set route 0.0.0.0/0 interface tunnel.1
Take out the second one... your route-based VPN route needs to be something [much] more specific than a default 0.0.0.0/0 route.
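Added example, not part of any post in this thread and not the poster's attached config: a small Python lint over a constructed ScreenOS-style config that flags the three problems raised in the replies above (two interfaces in the same subnet, a catch-all policy shadowing later policies for the same zone pair, and more than one default route). It assumes policy lines appear in evaluation order and only handles the simplified `set` line shapes in the sample; the DMZ address 75.99.134.75/29 is made up for illustration.

```python
import ipaddress
import re

# Constructed ScreenOS-style sample, NOT the config attached to the thread.
# The DMZ interface address below is an assumption made for illustration.
SAMPLE = """\
set interface ethernet0/0 zone "Untrust"
set interface ethernet0/0 ip 75.99.134.74/29
set interface ethernet0/1 zone "DMZ"
set interface ethernet0/1 ip 75.99.134.75/29
set route 0.0.0.0/0 interface ethernet0/0 gateway 75.99.134.73
set route 0.0.0.0/0 interface tunnel.1
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit log
set policy id 7 from "DMZ" to "Untrust" "Any" "Any" "ANY" permit
"""

IFACE = re.compile(r'set interface "?([^\s"]+)"? ip (\S+/\d+)')
ROUTE = re.compile(r'set route 0\.0\.0\.0/0 interface "?([^\s"]+)"?')
POLICY = re.compile(r'set policy id (\d+) from "([^"]+)" to "([^"]+)" "([^"]+)" "([^"]+)" "([^"]+)"')

def lint(config):
    """Return a list of finding tuples; assumes policies are listed in evaluation order."""
    findings, nets, defaults, catch_all = [], {}, [], {}
    for line in config.splitlines():
        m = IFACE.match(line)
        if m:  # remember the network each interface address belongs to
            nets[m.group(1)] = ipaddress.ip_interface(m.group(2)).network
        m = ROUTE.match(line)
        if m:  # collect the egress interface of every default route
            defaults.append(m.group(1))
        m = POLICY.match(line)
        if m:
            pid, pair = int(m.group(1)), (m.group(2), m.group(3))
            if pair in catch_all:  # an earlier any/any/any rule already matches everything
                findings.append(("shadowed-policy", pid, catch_all[pair]))
            elif [g.lower() for g in m.group(4, 5, 6)] == ["any"] * 3:
                catch_all[pair] = pid
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # two routed interfaces in one subnet
                findings.append(("overlapping-subnet", a, b))
    if len(defaults) > 1:
        findings.append(("multiple-default-routes", *defaults))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
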
04-21-2011 02:13 PM
I removed the second default route but still no luck.
My eth0/1 is set to interface mode route
and eth0/0 is set to NAT.
Is that correct?
From my webserver I cannot ping anything (neither 75.99.134.76 nor 75.99.134.73), but I can ping 75.99.134.76 from the internet.
Please help.
Thanks for your reply.
Labs