09-02-2012 09:30 AM - edited 03-11-2019 04:48 PM
Hello - Any help will be greatly appreciated. I have a lab environment that I am trying to figure out. I'm using GNS3; within GNS3 I have my ISP as the cloud and an ASA 5505 connected to a Layer 3 switch, and one host connected to the L3 switch. The Layer 3 switch has ip routing enabled, and so my host is getting an address from the layer 3 device. From the host, I can ping the ASA inside interface, but I cannot ping 4.2.2.2 from the host. Below is the config for the ASA and the Layer 3 switch.
ASA
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 192.168.137.2 255.255.255.0
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object network VLAN10
 range 192.168.102.0 192.168.102.255
object service WEB
 service tcp source eq www
object network GW
 host 192.168.137.1
object service web
 service tcp source eq www
object network Router
 host 192.168.100.1
object network 192.168.102.3
 host 192.168.102.3
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.137.1 1
route inside 192.168.0.0 255.255.0.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.137.1 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
------------------------------------------------------------
hostname L3Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool vlan10
 network 192.168.102.0 255.255.255.0
 default-router 192.168.102.1
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.100.2 255.255.255.0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
 switchport access vlan 10
!
interface FastEthernet1/15
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.102.1 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
09-02-2012 11:34 AM
Hello,
Do the following on the ASA:
clear configure fixup
fixup protocol icmp
And then try to ping
This will make ICMP a stateful protocol, so the incoming traffic will be allowed by default.
Regards,
Julio
Rate all the helpful posts, to the community that is a thanks
09-02-2012 11:53 AM
Thanks, but that didn't work. I think it has to do with my NAT. This is version 8.4(2) and the NAT options are getting confusing.
I tried the following commands for NAT, but 8.4(2) did not take the commands
nat (inside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface
09-02-2012 12:00 PM
Hello,
On 8.3 it is not mandatory to have a nat rule.
Now you need it, as it's the only way to go out to the internet I would guess, so yes, you are missing the NAT.
Just do the following:
nat (inside,outside) source dynamic any interface
By the way, read the following document; it will help you with future issues:
https://supportforums.cisco.com/docs/DOC-12690
Rate all the helpful posts, to the community that is a thanks
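Pulling the two answers above together (the ICMP inspection from the 11:34 reply and the 8.3+ NAT rule from this one), here is an added ASA 8.4 configuration example. It is not from the thread or from Cisco; it assumes the lab as posted (inside 192.168.100.0/24 on the ASA, VLAN10 192.168.102.0/24 behind the switch's routed port 192.168.100.2, default route to 192.168.137.1) and uses the object-NAT form instead of the twice-NAT one-liner so that each inside subnet is explicit; the object names INSIDE-100 and INSIDE-VLAN10 are made up here. It also adds a return route for VLAN10 via the switch, because the posted `route inside 192.168.0.0 255.255.0.0 192.168.100.1` points at the ASA's own inside address rather than at the switch, and without a usable return route the echo replies from 4.2.2.2 have nowhere to go after un-NAT.

```cisco
! Added example (not the thread's own config): ASA 8.4(2) pieces that let
! hosts behind the L3 switch reach the internet and receive ICMP echo replies.
! Assumed topology: inside 192.168.100.0/24, VLAN10 192.168.102.0/24 reached
! through the switch at 192.168.100.2, outside default route via 192.168.137.1.

! 1. Return path for VLAN10: the ASA must send 192.168.102.0/24 to the switch,
!    not to its own inside address (assumed next hop: 192.168.100.2).
route inside 192.168.102.0 255.255.255.0 192.168.100.2 1

! 2. Object NAT (8.3+ syntax): PAT each inside subnet to the outside interface
!    address. This replaces the pre-8.3 pair
!    "nat (inside) 1 <subnet> <mask>" / "global (outside) 1 interface",
!    which 8.4 rejects. Object names below are hypothetical.
object network INSIDE-100
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network INSIDE-VLAN10
 subnet 192.168.102.0 255.255.255.0
 nat (inside,outside) dynamic interface

! 3. ICMP inspection (the MPF equivalent of "fixup protocol icmp"): the ASA
!    tracks each outbound echo as a connection and lets only the matching
!    echo-reply back in, so no permit-any ACL is needed on outside.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
service-policy global_policy global

! Verification from the ASA CLI (constructed sample host 192.168.102.3):
!   packet-tracer input inside icmp 192.168.102.3 8 0 4.2.2.2
!   show nat detail
!   show xlate
```

The `packet-tracer` line walks an echo request (type 8, code 0) from the host through the route lookup, NAT and inspection phases and reports the first phase that drops it, which is the quickest way to tell a missing NAT rule from a missing return route. The twice-NAT rule given in the reply above (`nat (inside,outside) source dynamic any interface`) achieves the same translation for every inside source in one line; the object form is shown so the translated subnets are visible in `show nat detail`.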
09-02-2012 12:04 PM
Thank you sir. 5 star help.
09-02-2012 12:05 PM
Hello,
Thanks for the rating,
Any other query regarding post 8.3 changes just let me know
Regards,
Julio