Hello and thank you for your response. You are absolutely correct the way I drew up my sketch was actually not even correct I have no ideas what I was thinking... Also I would like to mention I was wrong in my own assessment. I completely forgot the fact that out of the block of 8 static ips (5 being usable) I did not take into account that 1 was the main gateway and was assigned to the 5508-X itself which leaves me with 4 for my internal Devices and in which I am actually utilizing. I somehow convinced myself I had a spare IP. My main idea was I wanted to assign an IP address to my Home LAB for my CCNA and/or just trying out new things but it seems now that I will most likely have to just add the main router of my lab to the Router on GE/5 and configure NAT appropriately for SSH to access off-site.

I have included a new and updated sketch that betters shows my home network. 

When I try to look at the posted Basic Topology I get an error. So do not know what you are trying to show there. Most of the time in a situation like yours the implementation is to use one of the assigned public IP on the outside interface of the ASA and to use the other addresses assigned for address translations configured on the ASA for devices or blocks of addresses used inside.

Hello

That is indeed what I feel my picture showed.. I will try to attach it again. I am pretty sure my setup is indeed what you are suggesting.

I see a diagram in the post and there is an indication of a jpeg attachment. When I attempt to open the jpeg I get an error message. I assume what is in the post is the same as the jpeg? What you describe for GE/1 through GE/6 seems appropriate. I do not understand what you are describing for GE/7 or GE/8.

Hello

Yes the diagram in the message body and the attachment are the same.

Like I said earlier I had realized my initial post became irrelevant once I realized I was already using all 5 Static IP's as I got the .182 was the 5th IP as well as the Gateway itself. 

In regards to GE7/GE8 I will try to explain my madness the best I can. 

I have two Internal/Home Routers that I use. One is behind a VPN (R2) which, when active, creates a Tunnel to Germany or whatever IP I choose at the time. When activated anything before it (5508 or any other Device on Interface GE1-6) are unable to then see it as it has "left" my Local Network and only anything on the LAN of R2 can access each other and/or the Internet (behind the IP from Germany or wherever). The other is simply a Wireless Router that, when online, shows the IP I own as my external IP not hiding my privacy. 

My issue began when I was on my R1 Router (No VPN) I noticed I could not communicate with the NAS drive on the R2 (VPN) Router because my R1 simply can not connect because of R2's tunnel.

I was getting tired of constantly switching which LAN I wanted to be on so I dedicated GE7/GE8 for R1 and R2 to connect to and create routes so now when I am on R1 I can indeed access my R2 NAS with no problems. 

I also have their Security levels equal but lower than any other Interfaces. 

I tried simply plugging R2 into R1 buit nothing I did would work so this was solution, faulty as it maybe is. 

Hi,

No it seems fine. If you want to do SSH only to your home-lab which is connected to GE5 then you can do port-forwarding on the ASA GE1 interface IP to redirected to your home-lab device. We call it port-forwarding. Can you tell which version of ASA OS you are using ? I can put sample commands here.

Further, you can take advantage of port-forwarding to to utilize single IP for many hosts/services with different port numbers

Hello

Well your question sort of brings up a bigger question. I will begin with your answer.

Based on what you are mentioning based off of what I was asking, we would connect my CCNA Lab (currently a 891f, soon to be Catalyst) to the LAN side of Router One which is connected to GE5. Let us say I will make the 891f/Catalyst 10.0.1.99.

Is the port-forward going to redirect incoming SSH connections to the Gateway IP (GE1) to GE5?

I ask this because if GE5 does indeed have its own Static IP then does it need to Port-forward? Can we not just have anything that connects to that IP (GE5) just be allowed via ACL?

Forgive me if I completely am missing the bigger picture.

Also here is the topology of how my LAN connects to each other using GE7/GE8 through the 5508-X and I was wondering if this same method could work using an L2 Switch which frees up 2 interfaces on my ASA.

Hi,

Routing will be required to make communication between 10.0.1.x and 10.0.2.x. You have two options here:

1) If you want to utilize the Layer 2 switch for the traffic between wireless Router 1 and 2 then you need define new subnet in Router 1 and 2. same subnet on these two Routers  lets say 192.168.4.0/30 with 192.168.4.1 on Router 1 and 192.168.4.2 on Router 2.

You need to add a Route on Router 1 for 10.0.2.0/24 pointing to 192.168.4.2. Then you need to also add a Route on Router 2 for 10.0.1.0/24 pointing to 192.168.4.1

2) You can make this communication without layer 2 switch utilizing ASA. on ASA, lets say your interface name on GE2 is WIRELESS1 and interface name on GE3 is WIRELESS2. Then on ASA you need to add Routes like:

route WIRELESS1 10.0.1.0 255.255.255.0 192.168.2.X 1 ( where X is Router 1 IP )

route WIRELESS2 10.0.2.0 255.255.255.0 192.168.3.x 1 ( where X is Router 2 IP )

on Router 1, make your default gateway to 192.168.2.1 which is ASA GE2 ip and 192.168.3.1 on Router 2.

Make sure you are not doing any NAT on the Wireless Routers in both scnearios

Good Morning

as my earlier picture depicts (though not with these specific details) I am indeed currently utilizing your scenario #2 though I am using GE7 and GE8 On the 5508 using the routing method you mention and all is working fine. My main interest was freeing up one or even both interfaces.
scenario 1 would be doing just that and creating the routes on internal Wireless Routers and a switch while scenario 2 would be freeing them both up as well but using another router to allow the 2 internal wireless routers to talk... so the way I have it now but on another router separate them from my 5508.