Need help to Config ASA 5506-X

CiscoNewbie
Level 1

Good day guys,

I require assistance/guidance with the setup of an ASA.

I have a working connection (192.168.40.x network with inside interface 192.168.40.1); this is working fine.

I then created a sub-interface (Test) on the same port with a VLAN ID and addresses as follows (192.168.20.x, interface IP 192.168.20.254). This VLAN also requires internet access, but I cannot get it working.

I have attached the config. Please help.

I only work through ASDM ver 7.6.1, as I am not skilled in the CLI.

7 Replies

johnlloyd_13
Level 9

Hi,
You need to re-configure your NAT statement for the Test_Network, i.e. swap the 'outside' and 'Test':

object network Test_Network
nat (Test, outside) dynamic interface dns

Hi,

I have swapped it around as suggested, but the issue still exists.

Hi,

Is 192.168.20.0/24 directly connected to the ASA, or is there a router behind it?

Is layer 2 VLAN 20 created on your switch?

Can you ping 192.168.20.254 from a 192.168.20.x machine?

You'll need a static route if it's not.

route Test 192.168.20.0 255.255.255.0 <ROUTER HOP IP>

The VLAN is created on the core 4506 and directly connected to the ASA via a VLAN (port 8).

Yes, I am able to ping IP address 192.168.20.254 from the core switch and from clients connected to the VLAN.

I only have two physical connections to the ASA: inside, which carries the default VLAN 1 (working), and VLAN 20 (not working - Port8.20).

Not sure if this helps?

Your port0/8 should respond to VLAN 1, and 8.20 to VLAN 20. Have you got the corresponding switchport configured as a trunk, and if so, are you sure it is not 'pruning' VLAN 20?

Please remember to rate useful posts, by clicking on the stars below.
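For the switch side of the check above, here is an added example (not from the original thread) of what the trunk port on the Catalyst 4506 facing the ASA's GigabitEthernet1/8 should look like, together with the IOS show commands that expose a trunk that does not actually carry VLAN 20 or has had it pruned by VTP. The switch interface name GigabitEthernet2/1 is an assumption; the VLAN numbers are the ones used in the thread.

```cisco
! Catalyst 4506 (IOS) - added example, not the poster's switch config.
! Port facing ASA Gi1/8; the interface name is an assumption.
vlan 20
 name Test
!
interface GigabitEthernet2/1
 description Uplink to ASA5506-X Gi1/8
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,20
 switchport nonegotiate
 spanning-tree portfast trunk
!
! Native (untagged) VLAN 1 lands on ASA Gi1/8 (nameif AhrlacLAN, 192.168.40.1).
! Tagged VLAN 20 lands on ASA Gi1/8.20 (nameif Test, 192.168.20.254).
! "switchport nonegotiate" stops DTP toward the firewall, which does not speak it.
! On older supervisors that still support ISL, add
! "switchport trunk encapsulation dot1q" before "switchport mode trunk".
!
! Verification (privileged exec):
show interfaces GigabitEthernet2/1 trunk
! The last block, "Vlans in spanning tree forwarding state and not pruned",
! must list 20. If 20 is in "Vlans allowed and active in management domain"
! but absent from that last block, the trunk is not forwarding VLAN 20 -
! typically VTP pruning. Check and, if needed, turn it off or exempt VLAN 20:
show vtp status
no vtp pruning
! or, per trunk:
interface GigabitEthernet2/1
 switchport trunk pruning vlan remove 20
!
! The ASA (192.168.20.254) is the gateway for VLAN 20 in this thread, so keep
! VLAN 20 purely layer 2 on the 4506: no "interface Vlan20" with an IP address,
! otherwise hosts may get a second gateway and asymmetric paths.
```

Leaving the trunk with `switchport trunk allowed vlan 1,20` rather than "all" is also the least-privilege choice: the firewall port then cannot be used to reach other VLANs on the core if the ASA or its cabling is ever compromised.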

Hi,

Yes, the port is configured as a trunk and all VLANs are allowed. Can you please explain "pruning", as I don't know what this is?

I have made a config change and it seems to be in the right direction. Below is the new config and what I see in the log when trying to access the internet.
Any ideas would be highly appreciated to get this working ASAP.

ASA Version 9.6(1)
!
hostname XXXX
domain-name XXXX
enable password XXXX
names

!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address X.X.X.210 255.255.255.240
!
interface GigabitEthernet1/2
shutdown
nameif inside
security-level 100
no ip address
!
interface GigabitEthernet1/3
shutdown
no nameif
security-level 0
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
security-level 0
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
duplex full
nameif GuestVLAN
security-level 50
ip address 30.0.0.3 255.255.255.192
!
interface GigabitEthernet1/8
nameif AhrlacLAN
security-level 100
ip address 192.168.40.1 255.255.252.0
!
interface GigabitEthernet1/8.20
vlan 20
nameif Test
security-level 50
ip address 192.168.20.254 255.255.255.0
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup AhrlacLAN
dns server-group DefaultDNS
name-server 192.168.40.18 AhrlacLAN
name-server 192.168.40.19 AhrlacLAN
name-server 8.8.8.8 outside
domain-name Ahrlac.local
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ISP_Gateway
host X.X.18.209
object network Internal_Network_Range
subnet 192.168.40.0 255.255.252.0
object network Exchange01_Lan_IP
host 192.168.40.27
object network Exchange01_Public_IP
host X.X.18.212
object network Exchange02_Lan_IP
host 192.168.40.28
object network Exchange02_Public_IP
host X.X.18.213
object network Ess_Lan_IP
host 192.168.41.29
object network Ess_Public_IP
host X.X.18.222
object network VPN_Internal_IP
host 192.168.40.31
object network VPN_Public_IP
host X.X.18.214
object network ISP_2_Gateway
host 196.201.239.161
object network Sharepoint_Lan_IP
host 192.168.40.26
object network Sharepoint_Public_IP
host X.X.18.220
object network CGTech
host 65.208.162.138
object network Whatsapp
fqdn v4 c.whatsapp.net
object network Guest_Vlan_30
subnet 30.0.0.0 255.255.255.192
description Guest_Vlan_30
object network Guest_Vlan_30_Gateway
host 30.0.0.1
object network Test
subnet 192.168.20.0 255.255.255.0
description Test
object network Test_Network
subnet 192.168.20.0 255.255.255.0
description Test_Network
object-group service Smtp_Ports tcp
port-object eq 465
port-object eq smtp
port-object eq https
object-group service Sharepoint tcp-udp
port-object eq 8081
object-group service DM_INLINE_TCP_0 tcp
group-object Sharepoint
port-object eq www
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object icmp traceroute
access-list outside_access extended permit tcp any4 object Sharepoint_Lan_IP object-group DM_INLINE_TCP_0
access-list outside_access extended permit tcp any4 object Exchange02_Lan_IP object-group Smtp_Ports
access-list outside_access extended permit tcp any4 object Exchange01_Lan_IP object-group Smtp_Ports
access-list outside_access extended permit tcp any4 object VPN_Internal_IP eq https
access-list outside_access extended permit tcp any4 object Ess_Lan_IP eq www
access-list AhrlacLAN_access_in extended permit ip object Internal_Network_Range any
access-list GuestVlan30_access_in extended permit ip any any
access-list GuestVLAN_access_in extended permit ip object Guest_Vlan_30 any
access-list GuestVLAN_access_out extended permit ip object Guest_Vlan_30 any
access-list GuestVLAN_access_in_1 extended permit ip object Guest_Vlan_30 any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu Test 1500
mtu AhrlacLAN 1500
mtu GuestVLAN 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network Internal_Network_Range
nat (any,outside) dynamic interface
object network Exchange01_Lan_IP
nat (AhrlacLAN,outside) static Exchange01_Public_IP
object network Exchange02_Lan_IP
nat (AhrlacLAN,outside) static Exchange02_Public_IP
object network Ess_Lan_IP
nat (AhrlacLAN,outside) static Ess_Public_IP service tcp www www
object network VPN_Internal_IP
nat (AhrlacLAN,outside) static VPN_Public_IP service tcp https https
object network Sharepoint_Lan_IP
nat (AhrlacLAN,outside) static Sharepoint_Public_IP
object network Guest_Vlan_30
nat (outside,GuestVLAN) dynamic interface dns
object network Test_Network
nat (AhrlacLAN,Test) dynamic interface dns
access-group outside_access in interface outside
access-group AhrlacLAN_access_in in interface AhrlacLAN
access-group GuestVLAN_access_in_1 in interface GuestVLAN
route outside 0.0.0.0 0.0.0.0 45.220.18.209 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.40.0 255.255.252.0 AhrlacLAN
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 AhrlacLAN
ssh timeout 5
ssh key-exchange group dh-group14-sha1
console timeout 0

dhcpd auto_config outside
!
dynamic-access-policy-record DfltAccessPolicy
username admin password j2CyJc6Mj.jL0.GH encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:bbcb286f4f1808dc1cefae10401d6e82
: end

Log - Client trying to access internet
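Against the running-config posted above, the rule that still blocks the Test VLAN is `nat (AhrlacLAN,Test) dynamic interface dns`. ASA object NAT is written `nat (real_ifc,mapped_ifc)`: the first interface is where the real (untranslated) addresses live, the second is where the translated address is used. As written, the rule only matches 192.168.20.0/24 entering on AhrlacLAN and leaving on Test, which never happens, and nothing else translates Test hosts toward outside: the `Internal_Network_Range` rule is `(any,outside)`, but its subnet 192.168.40.0/22 (192.168.40.0 to 192.168.43.255) does not include 192.168.20.0/24. The following is an added example, not from the original thread, of the corrected object NAT, a tighter inbound ACL for the Test interface, and the ASA commands that prove the path works. The client address 192.168.20.10 used in packet-tracer is an assumption.

```cisco
! ASA 9.6 CLI - added example, not the poster's config.
! Fix the NAT direction: real side (Test) first, translated side (outside) second.
! The "dns" keyword (DNS reply rewrite) is not needed for outbound PAT to the
! interface address and is dropped.
object network Test_Network
 no nat (AhrlacLAN,Test) dynamic interface dns
 nat (Test,outside) dynamic interface
!
! The posted config also defines object "Test" with the same subnet and no NAT;
! it is unused and can be removed to avoid confusion later.
no object network Test
!
! Optional but recommended: an explicit inbound ACL on Test instead of relying
! on the implicit permit from security-level 50 to 0. This also documents that
! a test VLAN must not reach the server LAN (AhrlacLAN) or the guest VLAN.
access-list Test_access_in extended deny ip 192.168.20.0 255.255.255.0 192.168.40.0 255.255.252.0
access-list Test_access_in extended deny ip 192.168.20.0 255.255.255.0 30.0.0.0 255.255.255.192
access-list Test_access_in extended permit ip 192.168.20.0 255.255.255.0 any
access-group Test_access_in in interface Test
!
! Verification (privileged exec):
show interface GigabitEthernet1/8.20
!   expect "line protocol is up" and the input packet counter climbing while a
!   client pings 192.168.20.254.
!
packet-tracer input Test tcp 192.168.20.10 12345 8.8.8.8 53
!   192.168.20.10 is an assumed client. Every phase (ROUTE-LOOKUP, ACCESS-LIST,
!   NAT, FLOW-CREATION) should end with "Result: ALLOW". The NAT phase must show
!   "Dynamic translate 192.168.20.10/12345 to <outside IP>/<port>". With the
!   original (AhrlacLAN,Test) rule there is no matching NAT, so no translation
!   phase appears and the packet would leave with its RFC 1918 source, which
!   is not routable on the internet.
!
show nat detail
!   the Test_Network line should show translate_hits increasing once real
!   clients send traffic.
show xlate | include 192.168.20
show logging | include 192.168.20
```

`packet-tracer` is the fastest way to confirm a NAT change on an ASA without waiting for a client: it walks the same lookup order (route, ACL, NAT, inspection) the data path uses and names the phase that drops the packet, so if the result is still DROP after this change the phase name tells you whether the problem is NAT, the ACL, or routing.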
