Greetings again everyone,

Thanks to everyone for responding to my previous requests for help.  I worked with a Cisco TAC the last couple days to resolve this issue.  It turned out to be a NAT issue between the two vlans.

The original access-list for natting was this:

access-list NoNAT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0

access-list NoNAT extended permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.240.0.0

access-list NoNAT extended permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0

access-list NoNAT extended permit ip 172.16.0.0 255.240.0.0 10.0.0.0 255.0.0.0

access-list NoNAT extended permit ip 172.16.0.0 255.240.0.0 172.16.0.0 255.240.0.0

access-list NoNAT extended permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0

access-list NoNAT extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0

access-list NoNAT extended permit ip 10.0.0.0 255.255.240.0 10.51.0.0 255.255.255.0

access-list NoNAT extended permit ip 10.21.0.0 255.255.240.0 10.51.0.0 255.255.255.0

nat (WTA2COB) 0 access-list NoNAT

nat (WTA2COB) 1 0.0.0.0 0.0.0.0

nat (FACSURV) 0 access-list NoNAT

nat (FACSURV) 1 0.0.0.0 0.0.0.0

The revised configuration was this:

access-list EXEMPT permit ip 192.168.150.0 255.255.255.0

access-list EXEMPT permit ip 192.168.151.0 255.255.255.0

nat (WTA2COB) 0 access-list EXEMPT

nat (WTA2COB) 1 192.168.150.0 255.255.255.0

nat (FACSURV) 0 access-list EXEMPT

nat (FACSURV) 1 192.168.151.0 255.255.255.0

From what I can tell, the 192.168 statement in the NoNAT access-list didn't work because it was for 192.168.0.0 /16, wherease the Exempt access-list applied for each subnet specifically.  Let me know if I'm correct in that assumption.

Long term I'd like to update the NoNAT to reflect the smaller subnets and then apply the access-list to these interfaces.

Thanks,

J