4907 Views, 10 Helpful, 12 Replies

ASA 5506-x cannot connect to firepower module

jcopling1
Level 1

Hello All,

I have recently configured a 5506 with a FirePOWER module.  When attempting to connect to the module via ASDM, I am getting the error "Cannot connect to ASA Firepower module. Check that it is correctly configured and on the network..."  I have made sure that the management port is connected to the same L2 switch that the ASA is connected to, and the IP is set to the same subnet as the Data (LAN) port.

Can anyone possibly throw out some suggestions on what may be the cause of not being able to connect to the firepower module?  I'm assuming it is something simple, however as this is my first deploy I would greatly appreciate any input.

I have included a screenshot of the error I am getting, as well as the 'show network' output from the sfr module.

Thanks.

Justin

12 Replies

Whenever I had these problems, they were always related to one of these three causes:

  1. Management-Port not connected
  2. Management-Port shutdown
  3. Management-Port in the wrong VLan

Perhaps better recheck these.

Thank you so much for the quick reply!

I failed to mention that the customer has 2 switches on site.  Now that you mention it, it sounds entirely likely that they do not have the management port plugged into the same switch as the inside interface. If they do not, would that also cause the same issue?

Thanks,

Justin

If both switches share the same VLANs and the connection between the switches also can transport the management-VLAN, then it should be fine. Can you ping the FP-Management-IP?

Yes, both switches share the same VLAN and the management port is connected to the same switch as the inside port.

The FP-management IP is pingable from the switch, yes.

Can you ssh to the FP-management address from the switch? 

ssh -l admin 192.168.16.2

Unfortunately the switch is a Netgear "smart" switch and the only access I have to it is via the GUI.  I am able to run the ping command from the switch, however, and I am successful.

I am able to connect to the SFR module and ping all of the IPs as well.  I can provide any outputs that would be beneficial; I do not know much about this configuration, so any help is appreciated.

Can you ping the sfr module from the ASA?

In this setup the ASA itself should have no interface management 0/0 IP address (and no nameif) and that management interface should be exclusively used by the sfr module.

Yes I am able to ping the sfr module from the ASA itself.  I have included the config for the management interface as well as the ping result.

sh run int management 1/1
!
interface Management1/1
 management-only
 nameif Management
 security-level 90
 no ip address

DorseyASA# ping 192.168.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

The 'inside' address is 192.168.16.254, which is also the DG of the module. The output of 'show network' from the SFR module is below:

> show network
===============[ System Information ]===============
Hostname : DoresyASA
Domains : example.net
DNS Servers : 75.75.75.75
76.76.76.76
Management port : 443
IPv4 Default route
Gateway : 192.168.16.254

======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mode :
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 5C:83:8F:9B:FD:0A
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.16.1
Netmask : 255.255.255.0
Broadcast : 192.168.16.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

Are you indicating that in this scenario I should also remove the 'nameif Management' ?

You should have no nameif if you're not using m1/1 for ASA management. I'm not sure that would cause the issue you're seeing though.

Where is your ASDM workstation coming from?

My ASDM session is connecting to the public facing ip, or the 'outside' interface, either one. 

I have removed the nameif just for best practice as well. 

Is it necessary to connect to the inside interface in order to get the firepower module connected? Could this be a problem if there is NAT on the external interface?

Accepted Solution

Ahh, that makes sense.

When using the embedded FirePOWER management in the ASA, ASDM will report the native IP address of the FirePOWER module. If you are coming from the outside, you will not likely be able to reach that address via your ASDM https session.

Either the 192.168.16.1 address is not reachable from outside via routing, is NATted with a global interface NAT, or is denied via the implicit access-list denying traffic from lower security interfaces (or all three!).
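Added example, not part of the thread or of any Cisco tooling: a small Python script that parses the 'show network' output posted earlier in the thread and applies the accepted answer's reasoning mechanically. The sample text is copied from that post (hostname typo kept as posted). The script assumes the ASA inside address is 192.168.16.254 (as the thread states) and takes the ASDM workstation's address as a parameter; the function and variable names are the example's own.

```python
"""
Parse the SFR module's `show network` output and check the management path.

Added example (not from the thread).  Assumptions:
  * the ASA inside address is 192.168.16.254, as stated in the thread;
  * the ASDM workstation address is supplied by the caller;
  * only the first IPv4 address under eth0 matters.
"""
import ipaddress
import re

# Copied from the thread's `show network` post (hostname typo kept as posted).
SAMPLE_SHOW_NETWORK = """\
> show network
===============[ System Information ]===============
Hostname : DoresyASA
Domains : example.net
DNS Servers : 75.75.75.75
76.76.76.76
Management port : 443
IPv4 Default route
Gateway : 192.168.16.254

======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mode :
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 5C:83:8F:9B:FD:0A
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.16.1
Netmask : 255.255.255.0
Broadcast : 192.168.16.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
"""

SECTION_RE = re.compile(r"^=+\[\s*(.+?)\s*\]=+$")       # ===[ eth0 ]===
SUBSECTION_RE = re.compile(r"^-+\[\s*(.+?)\s*\]-+$")    # ---[ IPv4 ]---
KV_RE = re.compile(r"^([^:]+?)\s*:\s*(.*)$")            # "Key : value"


def parse_show_network(text):
    """Return {section: {key: value}}; sub-sections are keyed 'eth0/IPv4'."""
    sections, section, sub, last_key = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):
            continue                                   # blank or the echoed command
        m = SECTION_RE.match(line)
        if m:
            section, sub, last_key = m.group(1), None, None
            sections.setdefault(section, {})
            continue
        m = SUBSECTION_RE.match(line)
        if m and section:
            sub, last_key = m.group(1), None
            sections.setdefault(f"{section}/{sub}", {})
            continue
        if section is None:
            continue
        target = f"{section}/{sub}" if sub else section
        m = KV_RE.match(line)
        if m:
            last_key = m.group(1).strip()
            sections[target][last_key] = m.group(2).strip()
        elif " " not in line and last_key:
            # bare value on its own line continues a multi-valued key (2nd DNS server)
            sections[target][last_key] += " " + line
        else:
            last_key = None                            # heading like "IPv4 Default route"
    return sections


def module_mgmt(parsed):
    """Pull the fields the thread cares about into ipaddress objects."""
    sysinfo, eth0, ipv4 = parsed["System Information"], parsed["eth0"], parsed["eth0/IPv4"]
    return {
        "hostname": sysinfo["Hostname"],
        "mgmt_port": int(sysinfo["Management port"]),
        "gateway": ipaddress.ip_address(sysinfo["Gateway"]),
        "eth0_enabled": eth0["State"].lower() == "enabled",
        "mgmt_if": ipaddress.ip_interface(f"{ipv4['Address']}/{ipv4['Netmask']}"),
    }


def check_management_path(mgmt, asa_inside_ip, asdm_client_ip):
    """List the reasons ASDM may fail to reach the module; empty list means none found."""
    findings = []
    net = mgmt["mgmt_if"].network
    inside = ipaddress.ip_address(asa_inside_ip)
    client = ipaddress.ip_address(asdm_client_ip)
    if not mgmt["eth0_enabled"]:
        findings.append("eth0 is disabled on the module")
    if mgmt["gateway"] not in net:
        findings.append(f"gateway {mgmt['gateway']} is outside {net}")
    if mgmt["gateway"] != inside:
        findings.append(f"gateway {mgmt['gateway']} is not the ASA inside address {inside}")
    if client not in net:
        # The accepted answer's case: ASDM goes straight to the module's native
        # IP, so from outside that needs a route, no interface NAT, and an ACL.
        findings.append(
            f"ASDM client {client} is not on {net}: ASDM will connect to "
            f"https://{mgmt['mgmt_if'].ip}:{mgmt['mgmt_port']} directly"
        )
    return findings


if __name__ == "__main__":
    mgmt = module_mgmt(parse_show_network(SAMPLE_SHOW_NETWORK))
    for client in ("192.168.16.50", "203.0.113.9"):      # inside host vs. outside host
        print(client, check_management_path(mgmt, "192.168.16.254", client) or "OK")
```

Run it as-is and the inside workstation comes back clean while the outside one reports the same condition the accepted answer describes; swap in your own 'show network' text and addresses to check a different deployment.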

Thanks, Marvin!  That was the issue; we are now good to go.  Thanks again!
