
5506W: unable to get connectivity from internal WAP to firewall working

skingsley
Level 1

Greetings,

I am unable to ping from my WLC (built-in WAP) to any of my firewall segments. I can get DHCP to work and assign me an IP from the range for my dhcpd, but I can't get connectivity to the internet: it either drops, or packet-tracer says it should pass and then it does not pass. Is there some hidden setting, or, since I'm new to Cisco firewalls, am I just missing something in my config? The sanitized config is pasted below. Thanks!

Skingsley

 

ciscoasa# show run
: Saved

:
: Serial Number:
: Hardware: ASA5506W, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)38
!
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
security-level 0
no ip address
!
interface GigabitEthernet1/9
nameif wirelessn
security-level 100
no ip address
!
interface GigabitEthernet1/9.10
vlan 10
nameif wireless1
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/9.20
vlan 20
nameif wireless2
security-level 100
ip address 192.168.4.1 255.255.255.0
!
interface GigabitEthernet1/9.30
vlan 30
nameif blue
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Management1/1
management-only
no nameif
security-level 100
no ip address
!
boot system disk0:/asa982-38-lfbff-k8.SPA
boot system disk0:/asa961-lfbff-k8.SPA
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
!
object network OBJ-INSIDE
nat (inside,outside) dynamic interface

dhcpd address 192.168.3.2-192.168.3.50 inside
dhcpd enable inside
!
dhcpd address 192.168.2.2-192.168.2.254 wireless1
dhcpd enable wireless1
!
dhcpd address 192.168.4.2-192.168.4.254 wireless2
dhcpd enable wireless2
!
!
!
: end

 


---------------------------------------------------------
#show run
Building configuration...
!
version 15.3
!
no ip source-route
ip routing
ip cef
!
!
!
!
dot11 syslog
dot11 vlan-name wireless2 vlan 20
dot11 vlan-name wireless1 vlan 10
dot11 vlan-name wirelessn vlan 30
!
dot11 ssid wireless2
vlan 20
authentication open
authentication key-management wpa version 2
wpa-psk ascii
!
dot11 ssid wireless1
vlan 10
authentication open
authentication key-management wpa version 2
wpa-psk ascii
!
dot11 ssid blue
vlan 30
!
!
!
no ipv6 cef
!
!
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers
!
ssid blue
!
antenna gain 0
mbssid
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio0.30
encapsulation dot1Q 30
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers
!
ssid
!
antenna gain 0
peakdetect
no dfs band block
mbssid
packet retries 64 drop-packet
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio1.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio1.30
encapsulation dot1Q 30
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
!
interface GigabitEthernet0
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 spanning-disabled
no bridge-group 10 source-learning
!
interface GigabitEthernet0.20
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 spanning-disabled
no bridge-group 20 source-learning
!
interface GigabitEthernet0.30
encapsulation dot1Q 30
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
!
interface BVI1
mac-address 0042.5ad0.0a9c
ip address 192.168.1.254 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
interface BVI10
ip address 192.168.2.254 255.255.255.0
!
interface BVI20
mac-address 0042.5ad0.0a9c
ip address 192.168.4.254 255.255.255.0
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.2.1
!
!
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 101 permit icmp 0.0.0.0 255.255.255.0 any
access-list 101 permit icmp 0.0.0.0 255.255.255.0 any 8 0
access-list 101 permit icmp any any 8 0
bridge 1 route ip
bridge 10 route ip
bridge 20 route ip
!
!
end

3 Replies

Francesco Molino
VIP Alumni

Hi

There is no NAT for the wireless1, wireless2 and blue zones.

You've done it for inside only:
object network OBJ-INSIDE
nat (inside,outside) dynamic interface

You need to follow the same config as for the inside zone, but for all wireless zones.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I think you are right, that is a good point! But let me explain better what I'm trying to do, and hopefully you can help me fill in the blanks. I decided to try BVIs instead of the virtual interfaces and put the subinterfaces in a bridge group, but it won't let me NAT the bridge group even though it has a nameif so it can route. I wish I had thought to test the subinterfaces to see if it would let me NAT them, but I was testing other things.

So I want to have two wireless networks on the WLAN controller. I want to be able to dhcpd separate IP space for both wireless networks, which will access the internet. What is the easiest way to do that so it will let me NAT correctly?

 

ciscoasa(config)# nat (?

configure mode commands/options:
Current available interface(s):

any Global address space
inside Name of interface GigabitEthernet1/2
outside Name of interface GigabitEthernet1/1

ciscoasa# sho ip
System IP Addresses:
Interface               Name        IP address        Subnet mask       Method
GigabitEthernet1/1      outside     192.168.100.10    255.255.255.0     DHCP
GigabitEthernet1/2      inside      192.168.3.1       255.255.255.0     CONFIG
GigabitEthernet1/9                  192.168.1.1       255.255.255.0     CONFIG
GigabitEthernet1/9.10               192.168.2.1       255.255.255.0     manual
GigabitEthernet1/9.20               192.168.4.1       255.255.255.0     manual
BVI10                   wireless1   192.168.2.1       255.255.255.0     manual
BVI20                   wireless2   192.168.4.1       255.255.255.0     manual
Current IP Addresses:
Interface               Name        IP address        Subnet mask       Method
GigabitEthernet1/1      outside     192.168.100.10    255.255.255.0     DHCP
GigabitEthernet1/2      inside      192.168.3.1       255.255.255.0     CONFIG
GigabitEthernet1/9                  192.168.1.1       255.255.255.0     CONFIG
GigabitEthernet1/9.10               192.168.2.1       255.255.255.0     manual
GigabitEthernet1/9.20               192.168.4.1       255.255.255.0     manual
BVI10                   wireless1   192.168.2.1       255.255.255.0     manual
BVI20                   wireless2   192.168.4.1       255.255.255.0     manual

I'm sorry, I don't get it. DHCP is already configured.
You've already configured them.

You'll need to add the nat as per the following example:

object network WIRELESS1
subnet 0.0.0.0 0.0.0.0
nat (wireless1,outside) dynamic interface
!
object network WIRELESS2
subnet 0.0.0.0 0.0.0.0
nat (wireless2,outside) dynamic interface


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
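As an added example (not part of the original thread, and not skingsley's or Francesco's config): the per-zone NAT the replies describe, applied to the routed-subinterface layout in the first show run (wireless1, wireless2 and blue as VLAN subinterfaces of GigabitEthernet1/9), with each object scoped to its own subnet rather than 0.0.0.0/0 so that only addresses that belong on that zone get translated, followed by the commands that confirm the translation is taking effect. The object names NET-WIRELESS1, NET-WIRELESS2 and NET-BLUE and the destination 198.51.100.10 (a documentation address) are placeholders chosen here. The symptom in the question, packet-tracer reporting that traffic should pass while nothing comes back, is consistent with a missing NAT rule: the ASA permits the higher-to-lower security flow regardless, but forwards the packet upstream with its 192.168.x.x source address, so the reply has nowhere to return to.

```cisco
! Added example, not from the original thread. Assumes the routed
! subinterface design of the first "show run": wireless1, wireless2 and
! blue are nameif'd VLAN subinterfaces on Gi1/9, outside is Gi1/1.
!
! One object per zone, scoped to that zone's subnet (placeholder names).
object network NET-WIRELESS1
 subnet 192.168.2.0 255.255.255.0
 nat (wireless1,outside) dynamic interface
!
object network NET-WIRELESS2
 subnet 192.168.4.0 255.255.255.0
 nat (wireless2,outside) dynamic interface
!
object network NET-BLUE
 subnet 192.168.1.0 255.255.255.0
 nat (blue,outside) dynamic interface
!
! Verification. Confirm the zone names first, then trace a constructed
! client flow from wireless1 to a placeholder internet host on port 80.
! Before the objects exist the trace has no NAT phase and still ends in
! ALLOW; after, a NAT phase referencing the matching object appears with
! the translation to the outside (192.168.100.10) address.
show nameif
packet-tracer input wireless1 tcp 192.168.2.10 40000 198.51.100.10 80
packet-tracer input wireless2 tcp 192.168.4.10 40000 198.51.100.10 80
!
! After a real client has browsed, the translations are visible here.
show nat detail
show xlate
```

No access-list is needed for this direction: traffic from a security-level 100 zone to the level 0 outside is permitted by default. The later sho ip output in the thread is the BVI layout, where nat (? only offered inside and outside, so this example stays with the subinterface design. Two things worth tightening while in this config: same-security-traffic permit inter-interface lets every level-100 zone (inside, wireless1, wireless2, blue) reach the others with no ACL in the way, and in the AP config as pasted the blue SSID carries no authentication lines and shares VLAN 30 with the AP's own management BVI1.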