1200 Views · 3 Helpful · 18 Replies

Dual ISP, Router, FPR ASA and PBR Routing for VOIP

PJ123 (Level 1)

Hello,

I have a new setup for a client, any insight would be greatly appreciated.

Setup will be: ISP1, ISP2 (SD-WAN), New CB Series Router, New FPR-1000.

I'm basically looking for the best way to set this up with both ISP Links UP and PBR to send ONLY VOIP Traffic over the SD-WAN and 1 (of 2) Site to Site Tunnels.

If I cannot get the equipment tomorrow, I will lab it up so that I will have a config to present... I just wanted to get ahead of this.

Thank You Very Much in Advance!

PJ

 

 

18 Replies

Hello @balaji.bandi 

Sorry for the delay but I have more info now:

So the router and asa will be new installs (no existing ones).

I have the router connected to the ASA and can ping it now. In my dummy config on the ASA, the router is configured on 192.168.1.1 (outside) and the ASA is on 192.168.2.1 (inside). The router is configured for internet access on ISP01 (I haven't tested on my home network to see if it works outside yet, but I plan to later).

I reserved interface 3 for the SD-WAN but haven't gotten to that yet. I will still need all internet traffic to route only over ISP01 on 192.168.1.1, and all other traffic (including VOIP, most importantly) over one of the site-to-site tunnels across the SD-WAN, which will be on interface 3. Could you please have a look at this config and let me know what you think? I also have the ACLs set to any any just because I was testing, but I need to set those properly... I removed any non-relevant info from the config too (crypto, etc.).

Thank you so very, very much again!!!!

 

ASA Version 9.16(2)3
!
hostname test
domain-name test.local
enable password
service-module 1 keepalive-timeout 4
service-module 1 keepalive-counter 6
passwd
names
no mac-address auto

!
interface Vlan1
no nameif
no security-level
no ip address
!
interface Ethernet1/1
no switchport
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/2
no switchport
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Ethernet1/3
no switchport
nameif sdwan
security-level 0
ip address dhcp
!
interface Ethernet1/4
switchport
!
interface Ethernet1/5
switchport
!
interface Ethernet1/6
switchport
!
interface Ethernet1/7
switchport
power inline auto
!
interface Ethernet1/8
switchport
power inline auto
!
interface Management1/1
management-only
nameif management
security-level 100
ip address 192.168.20.1 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8 outside
name-server 8.8.4.4 outside
domain-name test.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside_subnet
subnet 192.168.2.0 255.255.255.0
object network router
host 192.168.1.1
object-group service www tcp
port-object eq www
port-object eq https
access-list global_access extended permit ip any any
access-list inside_access_in extended permit tcp any any
access-list outside_access_out extended permit tcp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu sdwan 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network inside_subnet
nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_out out interface outside
access-group inside_access_in in interface inside
access-group global_access global
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
http server enable
http 192.168.20.20 255.255.255.255 management
no snmp-server location
no snmp-server contact

telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha256
console timeout 0
dhcpd address 192.168.20.10-192.168.20.10 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password ***** pbkdf2 privilege 15
!
class-map inspection_default
match default-inspection-traffic
class-map class_snmp
match port udp eq 4161
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
class class_snmp
inspect snmp
policy-map global-policy
class inspection_default
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous

Thank You, So Appreciated!

PJ
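For reference, this is how the policy described in the post above (ordinary internet traffic out via ISP01 on the outside interface, only VoIP steered to the SD-WAN appliance on Ethernet1/3) is expressed with ASA policy-based routing. It is an added illustration, not PJ's config or anything posted in the thread, and it assumes a static address on the sdwan interface, an SD-WAN appliance at 10.10.10.1 and an ISP01 router at 192.168.1.254 (all placeholders), classifying VoIP by SIP signalling plus a typical RTP port range.

```cisco
! Added example: ASA 9.16 policy-based routing for VoIP only.
! Placeholders: 192.168.1.254 = ISP01 router, 10.10.10.1 = SD-WAN appliance.
interface Ethernet1/3
 nameif sdwan
 security-level 0
 ip address 10.10.10.2 255.255.255.0
!
! Default route: everything not matched by the route-map leaves via ISP01.
route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
!
! Classify VoIP from the inside LAN: SIP signalling plus a typical RTP range.
! Narrow the source to the phone VLAN once it is known instead of the whole /24.
access-list VOIP_PBR extended permit udp 192.168.2.0 255.255.255.0 any eq sip
access-list VOIP_PBR extended permit tcp 192.168.2.0 255.255.255.0 any eq sip
access-list VOIP_PBR extended permit udp 192.168.2.0 255.255.255.0 any range 16384 32767
!
! Track the SD-WAN next hop so VoIP falls back to the default route if it goes down.
sla monitor 10
 type echo protocol ipIcmpEcho 10.10.10.1 interface sdwan
 frequency 5
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
!
! Route-map: matched VoIP is sent to the SD-WAN appliance only while it answers.
route-map VOIP_TO_SDWAN permit 10
 match ip address VOIP_PBR
 set ip next-hop verify-availability 10.10.10.1 1 track 1
!
! PBR is applied on the ingress interface, i.e. where the phones' traffic enters.
interface Ethernet1/2
 policy-route route-map VOIP_TO_SDWAN
```

`show track 1` confirms the SD-WAN next hop is reachable before the route-map will use it; while it is down, VoIP follows the default route like everything else.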

Which one will face both ISPs, FPR or CBS?

MHM

Hello MHM,

Since this is a brand new install with no existing router or firewall in place (just a wireless router as far as I know, probably ISP provided), I believe I will make it the CBS...

Thank you for the quick Reply!

PJ

CBS is full of bugs. Put your FPR first, then connect the CBS behind it.

MHM
