Dear All,

I have replaced my old cisco 5510 Firewall with a new 5516 NGFW. My edge router 2911 has primary and secondary IP address on a LAN connecting interface. Before replacing the old firewall, primary and secondary IP gateway addresses were reachable from LAN users. After the replacement, primary gateway is reachable from lan side but secondary is not reachable. Please see the below packet flow diagram and running config of cisco ASA 5516-X

End Users -------> Switch 2960-X ------> Transparent Firewall 5516-X ------->  2911 Router ------> Internet

End users IP: 192.168.0.254/24 and Gateway 192.168.0.3

End users IP: 192.168.222.254/254 and Gateway 192.168.222.3

Switch 2960-X:

All ports in VLAN-2. Gig 1/0/24 is connecting inside interface of Firewall.

Interface VLAN-2 IP is 192.168.0.6/24 and Gateway 192.168.0.3.

Firewall 5516-X: 

Interface bvi 2 ip address is 192.168.0.9 255.255.255.0

Default route towards 192.168.0.3

BVI 2 is mapped on Gig 1/1. Gig 1/1 is an inside interface connecting with switch 2960-X. Security Level 100

BVI 2 is mapped on Gig 1/8. Gig 1/8 is an outside interface connecting with Router Gig 0/0. Security Level 0

inside interface policy is permit any any.

outside interface policy is source 192.168.0.3, 192.168.222.3 and destination any, service any, action permit.

ICMP is allowed on global inspection policy.

Router 2911:

Gig 0/0 primary IP is 192.168.0.3/24 and secondary IP is 192.168.222.3

Please suggest.