Routing Issue Accessing Inside Interface of ASA

snowmizer
Level 1

Ok so I'm making this more complex than it needs to be and can't see the forest for the trees. I'm setting up an ASA 5510 with multiple contexts. I'm working with my main internal context for my internal traffic. I have created interfaces on this context as follows:

interface Ethernet0/0.1
 description outside interface
 nameif outside
 security-level 0
 ip address 1.1.1.2 255.255.255.252

interface Ethernet0/1.1
 description inside interface for internal context
 nameif inside
 security-level 100
 ip address 10.10.50.150 255.255.0.0

same-security-traffic permit intra-interface

route outside 0.0.0.0 0.0.0.0 1.1.1.1

NOTE: Also has ssh configuration but can't document that here.

My workstation has an IP 10.10.30.20 255.255.0.0 with a default gateway that points to my core switch (10.10.50.151).

When I try to access the inside interface of the ASA via ssh from my workstation I can't connect. I tried to ping the inside interface IP address of the ASA from my workstation and it doesn't reply. I can however ping anything on my internal network from the ASA through the inside interface. What am I missing on this?

Thanks.

9 Replies

jumora
Level 7

enable
config t
route inside 10.10.30.0 255.255.255.0 10.10.50.151

That should do it

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Also, when you enable SSH on the firewall you need to generate a key:

crypto key generate rsa modulus 1024

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Julio Carvajal
VIP Alumni

When I try to access the inside interface of the ASA via ssh from my workstation I can't connect. I tried to ping the inside interface IP address of the ASA from my workstation and it doesn't reply. I can however ping anything on my internal network from the ASA through the inside interface. What am I missing on this?

All of your network devices have a /16 so that traffic should not be hitting the Default Gateway of the PC.

Traffic should flow to the ASA

Do the following:

cap capin interface inside match tcp host 10.10.30.20 host 10.10.50.150 eq 22
cap capin interface inside match icmp host 10.10.30.20 host 10.10.50.150
cap asp type asp-drop all circular-buffer

Then try to SSH only once and then try to ping only once.

Afterwards share with us:

show cap capin
show cap asp | include 10.10.30.20

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I did not see the netmask; it seems to be /16. Can you post part of the switch configuration, the port that connects to the ASA?

interface Ethernet0/1.1
 description inside interface for internal context
 nameif inside
 security-level 100
 ip address 10.10.50.150 255.255.0.0

Also, I see the sub-interface created but no VLAN ID; the port that connects to the ASA needs to be defined as a trunk, and you need to define the VLANs.

Step 1 >>>> VLAN ID on that sub interface on the ASA

Step 2 >>>> Switch VLAN database and how the interface that connects to the ASA is configured.

Value our effort and rate the assistance!

Value our effort and rate the assistance!

If you added the route command that I put on my first post please remove it.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
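The two pieces of advice above (that a /16 workstation and a /16 ASA inside interface are on one connected subnet, and that the earlier "route inside 10.10.30.0 255.255.255.0 10.10.50.151" should be removed) are both routing-table facts, and a short longest-prefix-match simulation makes them concrete. This is an added example, not code from the thread or from Cisco: the addresses are the ones posted, but the routing table is constructed here to model the ASA, not copied from it. It shows that without the static route the ASA ARPs for 10.10.30.20 directly on the inside segment, while with the /24 static in place that more specific route wins over the connected /16 and replies are handed to the core switch instead.

```python
import ipaddress

# Addressing taken from the thread; the routing table built below is a
# constructed model of the ASA for this example, not output from the device.
WORKSTATION = ipaddress.ip_interface("10.10.30.20/16")
ASA_INSIDE = ipaddress.ip_interface("10.10.50.150/16")
CORE_SWITCH = ipaddress.ip_address("10.10.50.151")
ISP_NEXT_HOP = ipaddress.ip_address("1.1.1.1")


def same_subnet(a, b):
    """True when two interface addresses sit in one connected subnet, so a
    host reaches the other by ARP rather than through its default gateway."""
    return a.network == b.network


def build_routes(with_static_inside):
    """Return the modelled routing table as (network, next_hop, origin) tuples.
    A next_hop of None marks a connected route: the ASA ARPs for the host."""
    routes = [
        (ASA_INSIDE.network, None, "connected inside"),
        (ipaddress.ip_network("0.0.0.0/0"), ISP_NEXT_HOP,
         "route outside 0.0.0.0 0.0.0.0 1.1.1.1"),
    ]
    if with_static_inside:
        # The command suggested earlier in the thread and later withdrawn.
        routes.append((ipaddress.ip_network("10.10.30.0/24"), CORE_SWITCH,
                       "route inside 10.10.30.0 255.255.255.0 10.10.50.151"))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching network wins,
    regardless of the order in which the routes were entered."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def reply_path(with_static_inside):
    """Where the ASA sends a reply to the workstation: 'direct' (ARP on the
    connected inside segment) or the next-hop address it forwards to."""
    _net, next_hop, _origin = lookup(build_routes(with_static_inside),
                                     WORKSTATION.ip)
    return "direct" if next_hop is None else str(next_hop)


if __name__ == "__main__":
    print("workstation and ASA inside on one subnet:",
          same_subnet(WORKSTATION, ASA_INSIDE))          # True
    print("reply path without the static route:", reply_path(False))  # direct
    print("reply path with the static route:   ", reply_path(True))   # 10.10.50.151
```

The point for the thread: the extra hop through 10.10.50.151 is not what breaks SSH here (the actual cause turned out to be the core switch's default route), but it is why the static route is unnecessary on a connected /16 and why it was withdrawn.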

I figured out this issue but now have a new issue. The problem I had accessing the internal network from the ASA was due to the core switch I was being routed through. After looking at the core I saw that the default route was redirecting all traffic to the IP address of the inside interface on the production ASA. I have since pulled a spare switch and created an isolated network with a laptop and the inside interface on the new ASA. This worked great.

Now to my new problem. I am trying to access our ISP's external address from the ASA. The ISP has provided us with two VLANs (100 and 101) on one connection and has given us two public IPs (one is the IP for the router on their end and the second is the IP I am supposed to use on my outside interface for VLAN 100). I have created sub-interfaces on my outside interface and defined 0/0.1 as VLAN 100 and 0/0.2 as VLAN 101. VLAN 101 will go to our rack at our disaster recovery site, so it will just be an extension of our existing network.

My network is as follows:

        ISP (IP 2.2.2.1)
               |
        3560-CG switch (both ports -- to the ISP and to the ASA outside interface -- are configured as trunk ports)
               |
        ASA (outside 2.2.2.2, VLAN 100)

When I try to ping the 2.2.2.1 address from the ASA it doesn't work. If both my ASA outside port and the port to the ISP are both trunk ports shouldn't it route both VLANs (100 and 101) without any issue or am I missing something in my thinking?

Thanks.

First check the ARP table to see if you see your gateway, then try another IP, 4.2.2.2. Also check "show run icmp" and confirm that you are not restricting ICMP. Check the logs. Try to ping from behind the ASA and check packet tracer to see if it is hitting some NAT rule or any type of restriction.

Value our effort and rate the assistance!

Value our effort and rate the assistance!

I was able to get the ASA to be able to ping an external IP address (e.g. google.com) and also internally to my laptop. Now the last remaining piece is for the laptop to be able to access the Internet. Part of the problem I had was that the VLANs I have weren't defined in the vlan database on the switch. I also had to adjust the speed and duplex on the ports that the inside interface of the ASA is plugged into.

It looks like the issue is with the 3750 switch between my laptop and the ASA. If I try to ping the inside interface of the ASA from my switch that works but if I ping from the switch to an external IP address that I know responds it doesn't work. Seems like the switch is blocking something. There aren't any ACLs in place to allow traffic.

Any ideas?

Thanks.

If you have skype or if you want to call me at 407 241 29 65 ext 4863

Value our effort and rate the assistance!

Value our effort and rate the assistance!
Review Cisco Networking for a $25 gift card