
Polycom and Cisco ASA 5510

sullyjman12
Level 1

We are implementing a Polycom VBP 4555-E3 Firewall/NAT traversal unit that will need a public IP address so outside systems can dial into our Polycom system.  One of the requirements for this device is that it is not NATed and has direct access to the internet.  I have a public address that we can use for our DMZ, but I guess I don't understand how I can set up the ASA to not NAT the Polycom unit.

All our ports on the Cisco ASA are being used, in case that comes up.  Any input would be great.

Thanks! 


10 Replies

Kureli Sankar
Cisco Employee

You can simply do an identity static:

static (dmz,outside) x.x.x.x x.x.x.x net 255.255.255.255

Replace x.x.x.x with the public address of the Polycom on the DMZ.

-KS

hobbe
Level 7

Hi, according to what you have stated in your initial post you cannot use the ASA.

"One of the requirements for this device is that it is not NATed and has direct access to the internet."

If you set the device up behind the ASA you do not have "direct access to the internet", since it is then behind a firewall.

No matter how we see it, they (the manufacturer) will, in case of problems, state that you are breaching the requirements.

So what you will have to do to get this unit up and running according to spec is to use a switch outside your ASA towards your ISP, jack the Polycom in there and give it an IP address, default gateway and so on.

If you do not have a switch outside of your ASA already, this is a perfect time to set one up.

There are many advantages to having a switch outside of the ASA.

Good luck

HTH

Thanks hobbe, I kind of figured something like this would need to be done.  Appreciate it, I am implementing it next week so I'll keep you updated!

So I put a switch in front of the firewall.  I talked to my ISP and they have given me a /27 block of public IP addresses.  I set up a test box on the outside switch and configured one of the open addresses we have, to test and make sure I can reach it, and I can't.

I am assuming my ISP is pointing my public address block (/27) to my Cisco ASA port?  If that is the case, what is the next step in getting a public address for this box?

What is your gateway? Provide a show ip and show run route.

Whatever the gateway is for your firewall, the same should be done for your Polycom.

Thanks, Verizon gave me the wrong gateway to use.  I did as you suggested and it came online.  Looks like it will be smooth from here.  Thanks!

So the block of IP addresses I was given was 65.242.6.x/27, however the gateway I'm using is 63.125.x.x.

Here is the weird part, and I think this is an OS thing.

I got the switch up in place as I stated earlier, gave the Polycom device (which is running some hacked version of Linux) the public address and whatnot, and I can't ping anything at all, like Google.  However, if I grab a Windows box and put the exact same information on its network card, I can surf the web and do anything and everything on the web.

It's really strange.

Hi

Here is one of the great parts of having a switch on the outside of the firewall.

You can set up a monitor port in the switch.

With this monitor port you can observe what the Polycom device is sending and receiving (via e.g. Wireshark); it could just be that it is not allowing pings out to the internet.

This way you will know what hits the wire and is sent out, and you can also check what is coming back.

Great for analysing what the problem is.

Another good thing you can do, if the switch can set up access-lists:

If there is a problem on any of the devices (zero-day bug or similar) on any of the ports showing up on the internet, you can block that with an access-list in the switch.

Or just use it for IDS sensor purposes.

Many good things from a little switch, but make sure that you are OK with it being a SPOF (Single Point Of Failure).

The block used does not seem to match the block of the IP address of the gateway.

And yes, you should try to mask the IP addresses (not show them openly) so that people are not tempted to "test them" or something similar.

Or at least not supply the correct ones.

Good luck

HTH

Unfortunately the switch I installed in front of the Cisco ASA is just some generic Linksys switch (single point of failure is not an issue, since that has been like that with the Cisco ASA).  So capturing the packets when I try to run the ping test from the Polycom is not an option.    I have an Ubuntu box too that I tried giving this public information, and it couldn't communicate out either, so this looks like it has to do with the way Linux does networking; as I stated before, if I put the IP info on a Windows XP machine and plug it in, it works just fine.  It's really strange.

Just to update everyone, I got it working.  I knew this had to be an issue with Linux because it worked fine on the Windows box.  Did some research and added two lines, since the gateway I was given was on a different subnet than the public IP block.

The two lines I added were:

route add -host 63.125.107.x dev eth1

route add default gw 63.125.107.x

Presto, it worked!  I know this has nothing to do with Cisco, it's a Linux issue, but I'm sure someone might find this useful!
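An added example, not the commands from the post above, that makes the "gateway on a different subnet" condition explicit. Linux will not install a default route through a gateway it has no on-link route to (the error is typically "Network is unreachable"), which is why the host route had to be added first; Windows tolerates the same settings because it simply ARPs for the gateway on the local segment. The script below checks whether a gateway falls inside the address's prefix and prints the ip(8) commands that are needed, without applying anything. The sample values are constructed: 65.242.6.10/27 stands in for the thread's 65.242.6.x/27 block, 63.125.107.1 for the off-subnet gateway 63.125.107.x, and eth1 is an assumed interface name.

```shell
#!/usr/bin/env bash
# Added example (not the thread's own commands). Decide whether a gateway is
# on-link for ADDR/PREFIX and print the route commands Linux needs. Sample
# addresses and the interface name eth1 are constructed for illustration.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> 32-bit netmask as an integer (4294967295 = 0xFFFFFFFF).
prefix_to_mask() {
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# gw_on_link ADDR/PREFIX GATEWAY -> prints "yes" when the gateway shares the
# subnet (a plain default route works) and "no" when it does not.
gw_on_link() {
  local addr=${1%/*} bits=${1#*/} gw=$2 mask
  mask=$(prefix_to_mask "$bits")
  if [ $(( $(ip_to_int "$addr") & mask )) -eq $(( $(ip_to_int "$gw") & mask )) ]; then
    echo yes
  else
    echo no
  fi
}

# route_cmds ADDR/PREFIX GATEWAY IFACE -> prints the ip(8) commands to run.
# For an off-subnet gateway the kernel refuses "default via GW" until a route
# says GW is directly reachable on the interface; that host route is the
# equivalent of the thread's "route add -host GW dev eth1" step.
route_cmds() {
  local cidr=$1 gw=$2 dev=$3
  if [ "$(gw_on_link "$cidr" "$gw")" = yes ]; then
    echo "ip route add default via $gw dev $dev"
  else
    echo "ip route add $gw/32 dev $dev"           # legacy: route add -host GW dev IFACE
    echo "ip route add default via $gw dev $dev"  # legacy: route add default gw GW
  fi
}

# Demonstration with the constructed values; nothing is applied to the system.
echo "gateway on-link? $(gw_on_link 65.242.6.10/27 63.125.107.1)"
route_cmds 65.242.6.10/27 63.125.107.1 eth1
```

On current kernels the two-step sequence can be collapsed into one command, `ip route add default via GW dev eth1 onlink`, which tells the kernel to treat the gateway as directly reachable without a separate host route. Whichever form is used, the setting has to be made persistent in the distribution's network configuration, since the thread's `route add` commands only last until the next reboot.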
