Hi Francesco,

Thanks for the reply. I have enabled ip routing on both switches and pretty much mirrored the config of Switch 1 on Switch 2 except for respective IP addressing. Instead of using static routing, I have gone for ospf for ease of configuration. The config is pretty long, especially for the ASA so I'll attach the config text files, unless you prefer I post then right with the post.

Posting the configs as text files is quite appropriate. I have taken a quick look at the configs. Can you tell us what model of switch this is? Would you post the output of show ip route from both switches and the output of show standby?

I'm using an IOU image 'i86bi-linux-l2-ipbasek9-15.1g.bin'. It was the only one I could find where HSRP and VTP both worked. As for the other outputs, 'show ip route', and 'show standby', see the attached text file. I chose to put all the outputs in a sectioned text file as I was getting an 'The contents of the attachment doesn't match its file type.' error when I tried uploading the individualized output files.

Thanks

Does a machine from vlan 10 can ping another machine in vlan 11?

At least, between these 2 vlans, can you do the following tests:

- from machine in vlan 10 ping its default gateway in vlan 10

- from machine in vlan 10 ping the default gateway in vlan 11

- from machine in vlan 10 ping the machine in vlan 11

If this isn't working, please shut all interfaces on SW2 and re-do all tests.

Also, on switch 1, can you share in a text file the output of sh ip arp vlan 10 & sh ip arp vlan 11

On both switches, can you do a show spanning-tree summary.

From switch 1, can you do ping 192.168.20.4?

From a machine in vlan 10, can you ping:

- 192.168.20.4

- 192.168.20.1

- 192.168.20.2

While doing these tests above, please connect a host on each vlan (10 and 11) directly to switch 1 first and then use hosts behind the other switches you have which are connected to SW1 and SW2. 

Does a machine from vlan 10 can ping another machine in vlan 11?

At least, between these 2 vlans, can you do the following tests:

- from machine in vlan 10 ping its default gateway in vlan 10

- from machine in vlan 10 ping the default gateway in vlan 11

- from machine in vlan 10 ping the machine in vlan 11

A machine in Vlan 10 can ping it's own default gateway

A machine in Vlan 10 can only ping Vlan 11 gateway if Switch 2 is off

A machine in clan 10 cannot ping a vlan 11 machine

Also, on switch 1, can you share in a text file the output of sh ip arp vlan 10 & sh ip arp vlan 11

On both switches, can you do a show spanning-tree summary.

See the attached text files

From switch 1, can you do ping 192.168.20.4?

From a machine in vlan 10, can you ping:

- 192.168.20.4

- 192.168.20.1

- 192.168.20.2

From Switch 1, I can ping 192.168.20.4

From a machine in Vlan 10, I cannot ping any addresses in the 192.168.20.0 subnet.

It seems the issue was/is with the IOU image, 'i86bi-linux-l2-adventerprisek9-15.2d'. I've since replaced it with 'i86bi_linux_l2-adventerprisek9-ms' and inter-VLAN routing is working just fine. Vlan 10 and 11 can reach other other including the other vlans, 15 and 17. The image however keeps popping up segmentation faults (segfault) and the devices either stop working or shutdown. I'm looking for another image.

The issue I have now, other than the hunt for a stable L2 image is the connection between the L3 switch and the ASA. What's the best practice, considering the HSRP on the switches and the failover on the ASA? Is it;

- Have the Switches and ASAs in the same vlan?

   - Should the interface on the switch be in access or trunk mode?

   - Should the interface on the ASA be a subinterface with the vlan (20) specified?

      - This has proven to work with routing even working in the vlan but traffic from the other vlans is not reaching the             ASAs

- Have the link between each Switch and ASA as a separate vlan?