5143 Views, 10 Helpful, 38 Replies

Cisco ASA 5506 DMZ setup

Hello,

 

I am trying to set up a DMZ on an ASA 5506. At the moment we have 3 interfaces active on the ASA, which are:

gi1/1 outside

gi1/2 inside

gi1/3 Voice

Voice has an internal IP with a PAT on the outside interface to a public IP address from our range.

Now I want to set up the DMZ on gi1/4, also with a PAT on the outside interface to a public IP address.

I have set up the interface with an internal IP address and connected a test PC to that interface with an IP address in the same range and the gi1/4 interface on the ASA as gateway. That should at least give me internet access, but that is not the case. I have followed a lot of configuration examples found on the internet with Google, but all have failed to give me even internet access.

Hope you guys can help me out.

38 Replies

Hello Keith,

 

Yes Access-group is configured:

fw01# sh run access-group
access-group ACL-outside in interface outside
access-group ACL-inside in interface inside
access-group ACL-voice in interface Voice
access-group ACL-dmz in interface Dmz
fw01#

Although I have not looked at your updated configuration, the first configuration you posted was fine, as we were able to run the packet tracer successfully.

I clearly told you that you need to solve the problem at Layer 1 and Layer 2, as our DMZ host is not able to reach the DMZ interface on the ASA. Just think about this: how could the ASA do anything with a packet without receiving it?

 

With all due respect, to clarify some points discussed here.

 

By default, the ASA will allow all communication (TCP/UDP) from a high security level (in your case DMZ with security level 20) going out to a low security level (in your case OUTSIDE with security level 0), so there is no access-list or access-group configuration required.

 

You already have a NAT statement. This is a manual NAT statement:

nat (DMZ,outside) source dynamic any OBJ-NET-188.202.95.227

So you don't need the auto NAT configuration:

object network DMZ
subnet 192.168.17.0 255.255.255.0
nat (dmz,outside) dynamic interface


Now back to your issue.

 

  • I would say please check if the ASA can ping its own DMZ interface IP 192.168.17.254 to make sure the interface is up/up.
  • Have you checked with a laptop connected directly to the DMZ interface? (Not the server, just to check.)
  • When you connected the DMZ server and DMZ interface to a managed switch, did you see a MAC address entry on the port, and an ARP entry if in layer 3 mode?
  • Change the cable (MDI and MDI-X, the old concept consideration) and also try to check speed/duplex.


I would urge you to not change any ASA configuration other than DMZ interface level configuration to establish layer 1, layer 2 connectivity to ASA. Our first target should be to establish communication between DMZ host and DMZ interface on ASA. 

 

 

HTH
### RATE ALL HELPFUL RESPONSES ###

Thanks for the reply bhargavdesai,

 

I will remove the auto NAT statement.

 

About your questions:

- Yes, the ASA can ping the DMZ interface.

- Checked it with a server and a laptop connected directly to the interface; both give the same result.

- Yes, on the layer 3 switch I see a MAC entry for the server/laptop, but the ASA interface is not visible on the switch port or in the ARP table.

- Changed out the cables and set the speed/duplex from auto to 1000 full; still no result.

So to conclude on your setup, you have a connection as below.

DMZ HOST/LAPTOP >>>> L2/L3 SWITCH >>>> Cisco ASA DMZ Interface

Connection between Switch and ASA is focus point.

Do you see light on Switch and ASA DMZ interface?
Do ports on ASA and Switch show UP?
Do Cisco ASA DMZ interface and DMZ host/Laptop connect to same VLAN?

I am ready to help you remotely; if you are ready for the same, personal message me. This will reduce time and effort in troubleshooting.


HTH
### RATE ALL HELPFUL RESPONSES ###

Hello bhargavdesai,

No at the moment the setup is DMZ HOST/LAPTOP >>> Cisco ASA DMZ Interface

I see light on the ASA interface and on the network card of the DMZ host

The interface on the ASA is showing up and the network Card on the DMZ host is showing connected

Host and ASA share the same network without a switch between them.

 

At the moment I am not on location but I will be tomorrow, if you could assist remotely that would be great.

I am willing to work with you and sent you a private message for details.


HTH
### RATE ALL HELPFUL RESPONSES ###

Sorry guys at this moment I have to wait a while because I am sick at home at this moment. When I am better I will contact you again.

No problem anytime. Get well soon.

HTH
### RATE ALL HELPFUL RESPONSES ###

Okay, I have recovered from the flu. Now I have looked at the configuration I have at this moment:

DMZ-Host >>Cisco L3 switch>>Cisco ASA

The host has a connection to the switch and Windows is also telling me it has internet access.

On the switch I only see a MAC address on the host interface and not on the ASA interface.

The ASA is not showing any ARP entry for the DMZ interface/network. So I looked at the L1 connections, checked all cables, and all are MDI and show up as connected. On the switch (which is a new SG250) I did a copper check to see if the cables are without any breaks, and all pairs show up green without errors.
So that is the situation at the moment: on the ASA a sh arp | i Dmz shows up with no entries and a sh conn gives me only connections on the Voice and inside networks.

Noticed another thing on the ASA, Firepower is enabled by an old admin. So I wired the management interface to the switch and now I see that this configuration is not in sync with the new configuration for the DMZ. Only problem is I have no clue on configuring Firepower. Can we disable this?

Got this version of Firepower

fw01# sh module sfr

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
sfr FirePOWER Services Software Module ASA5506 JAD220706WA

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr 28ac.9e57.bcbd to 28ac.9e57.bcbd N/A N/A 5.4.1-211

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.1-211

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Up Up

fw01#

Great to hear you are back. I think Firepower should not affect interface reachability. What license do you have? Can you post the "show version" output? I am not fully sure about the license part.

I am still open to collaborate on this issue.

HTH
### RATE ALL HELPFUL RESPONSES ###

Here is the sh version output

fw01# sh version

Cisco Adaptive Security Appliance Software Version 9.6(4)8
Device Manager Version 7.9(2)152

Compiled on Wed 11-Apr-18 19:52 PDT by builders
System image file is "disk0:/asa964-8-lfbff-k8.SPA"
Config file at boot was "startup-config"

fw01 up 1 year 122 days

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is 28ac.9e57.bcbf, irq 255
2: Ext: GigabitEthernet1/2 : address is 28ac.9e57.bcc0, irq 255
3: Ext: GigabitEthernet1/3 : address is 28ac.9e57.bcc1, irq 255
4: Ext: GigabitEthernet1/4 : address is 28ac.9e57.bcc2, irq 255
5: Ext: GigabitEthernet1/5 : address is 28ac.9e57.bcc3, irq 255
6: Ext: GigabitEthernet1/6 : address is 28ac.9e57.bcc4, irq 255
7: Ext: GigabitEthernet1/7 : address is 28ac.9e57.bcc5, irq 255
8: Ext: GigabitEthernet1/8 : address is 28ac.9e57.bcc6, irq 255
9: Int: Internal-Data1/1 : address is 28ac.9e57.bcbe, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 28ac.9e57.bcbe, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JAD220706WA
Running Permanent Activation Key: 0xb92af765 0xa8cd23fe 0xc05095d0 0xa0a88854 0x0a1c0f9d
Configuration register is 0x1
Image type : Release
Key Version : A

Make sure we are not hitting this "Maximum VLANs : 5 perpetual" limit. You can also try another physical interface and/or IP address range just for testing purposes. I would say our first goal should be to see the MAC/ARP entry in the L3 switch and get interface-level reachability from the host. Only once we achieve this can we think of traffic traversing the firewall.



HTH
### RATE ALL HELPFUL RESPONSES ###

Tried another interface, but that interface stays down/down even after a no shut on the interface itself. I am now more and more considering that the ASA has a hardware malfunction.

I hope you gave it a nameif, because an interface only works on the ASA once it has a nameif and security level.


HTH
### RATE ALL HELPFUL RESPONSES ###
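As an added example (not code from this thread or from Cisco), the following Python script takes a running-config excerpt and flags the points raised across the replies above: an interface left without nameif/security-level, a network object with an invalid mask, an object NAT made redundant by a manual NAT on the same interface pair, and an inbound access-group that replaces the implicit permit from a higher to a lower security level. The embedded config is constructed from the names and addresses used in the thread; the outside addressing and the spare GigabitEthernet1/5 stanza are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the thread: the 192.168.17.0/24 DMZ on Gi1/4, the
# manual NAT to OBJ-NET-188.202.95.227, the auto NAT the reply says to drop, and a
# spare interface brought up without nameif. Outside addressing is RFC 5737 space.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.248
!
interface GigabitEthernet1/4
 nameif Dmz
 security-level 20
 ip address 192.168.17.254 255.255.255.0
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 ip address 192.168.18.254 255.255.255.0
!
object network OBJ-NET-188.202.95.227
 host 188.202.95.227
object network DMZ
 subnet 192.168.17.0 255.355.255.0
 nat (dmz,outside) dynamic interface
nat (Dmz,outside) source dynamic any OBJ-NET-188.202.95.227
access-list ACL-dmz extended permit ip any any
access-group ACL-dmz in interface Dmz
"""


def parse(config):
    """Collect interfaces, network objects, manual NAT rules and access-groups."""
    ifaces, objects, nats, groups = {}, {}, [], []
    block = None  # (kind, name) while inside an indented stanza
    for raw in config.splitlines():
        if raw.startswith(" ") and block and raw.strip():
            kind, name = block
            parts = raw.split()
            if kind == "interface":
                if parts[0] == "nameif":
                    ifaces[name]["nameif"] = parts[1]
                elif parts[0] == "security-level":
                    ifaces[name]["level"] = int(parts[1])
            elif parts[0] == "subnet":
                objects[name]["net"] = (parts[1], parts[2])
            elif parts[0] == "host":
                objects[name]["net"] = (parts[1], "255.255.255.255")
            elif parts[0] == "nat":  # auto (object) NAT: keep its interface pair
                objects[name]["nat"] = re.match(r"nat \((\S+),(\S+)\)", raw.strip()).groups()
            continue
        block = None
        if m := re.match(r"interface (\S+)", raw):
            block = ("interface", m[1])
            ifaces[m[1]] = {"nameif": None, "level": None}
        elif m := re.match(r"object network (\S+)", raw):
            block = ("object", m[1])
            objects[m[1]] = {"net": None, "nat": None}
        elif m := re.match(r"nat \((\S+),(\S+)\) source (?:static|dynamic) (\S+) (\S+)", raw):
            nats.append({"pair": (m[1], m[2]), "real": m[3], "mapped": m[4]})
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)", raw):
            groups.append({"acl": m[1], "dir": m[2], "iface": m[3]})
    return ifaces, objects, nats, groups


def lint(config):
    """Return (code, subject, message) findings for the pitfalls discussed in the thread."""
    ifaces, objects, nats, groups = parse(config)
    out = []
    by_nameif = {i["nameif"].lower(): i for i in ifaces.values() if i["nameif"]}
    # 1. Without nameif and security-level the ASA forwards nothing on the interface.
    for phys, i in ifaces.items():
        if i["nameif"] is None or i["level"] is None:
            out.append(("no-nameif", phys, "no nameif/security-level; interface passes no traffic"))
    # 2. Masks that ipaddress rejects, such as a 255.355.255.0 typo.
    for name, o in objects.items():
        if o["net"]:
            try:
                ipaddress.IPv4Network("/".join(o["net"]), strict=False)
            except ValueError:
                out.append(("bad-mask", name, "invalid subnet %s %s" % o["net"]))
    for n in nats:
        # 3. The mapped object of a manual NAT rule must exist.
        if n["mapped"] != "interface" and n["mapped"] not in objects:
            out.append(("nat-undefined-object", n["mapped"], "mapped object is not defined"))
        # 4. Manual NAT (section 1) is evaluated before object NAT (section 2); with a
        #    real source of "any" on the same interface pair the object NAT never matches.
        pair = [s.lower() for s in n["pair"]]
        for name, o in objects.items():
            if n["real"] == "any" and o["nat"] and [s.lower() for s in o["nat"]] == pair:
                out.append(("redundant-auto-nat", name, "object NAT never matches; manual NAT wins"))
    # 5. Binding an inbound ACL replaces the implicit permit from a higher to a lower
    #    security level, so the ACL itself must permit the DMZ's outbound traffic.
    for g in groups:
        i = by_nameif.get(g["iface"].lower())
        if i and g["dir"] == "in":
            out.append(("acl-replaces-implicit-permit", i["nameif"],
                        f"{g['acl']} now decides everything entering {i['nameif']} "
                        f"(security-level {i['level']}), including traffic to lower levels"))
    return out
```

Calling lint(SAMPLE_CONFIG) yields four findings: GigabitEthernet1/5 has no nameif, object DMZ has an invalid mask, the object NAT on DMZ is shadowed by the manual NAT, and ACL-dmz now governs everything entering the Dmz interface. Finding 5 is the caveat to keep in mind with the "no access-list required" advice above: it holds only while no access-group is bound to the DMZ interface.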