ip route 192.168.160.5 255.255.255.255 local_interface_connected_to_FW2

This command is not possible, it says 

%Invalid next hop address (it's this router)

I setup the L3 port to be no switchport, put in an ip of 192.168.160.6 then tried 

ip route 192.168.160.5 255.255.255.255 192.168.160.6 

but unsuccessful. 

thanks

Jeff

Jeff,

which sdm template are you running on the switch ? Can you post the output of:

3750#sh sdm prefer

#sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.875k

ok, so as not to confuse, forgot to comment on gpauwen's reply earlier, apologies. ok let me reiterate again the scenario.

* Our original setup is: Internet > Cisco ASA5520 > Cisco 3750 L3 switch > 2960-S    

   distribution L2 switches 

* On the L3 switch are connected the distribution L2 switches and its settings are    

   switchport mode trunk, it does DHCP, it only has 1 IP route which is 

ip route 0.0.0.0 0.0.0.0 192.168.120.254 

192.168.120.254 is the Cisco ASA Port0 (inside) which has a Dynamic NAT rule on the Cisco ASA 5520 going to Port1 which is our primary ISP (outside)

Here comes the correction, we bought in a new firewall (other brand, not Cisco ASA) starts with the letter F. 

We would like to retain the original IP 192.168.120.254 which is the FW1 Port0.

Our Cisco L3 switch was setup with HSRP before during the time it has a peer L3 switch. our virtual gateway for each vlan is:

192.168.20.254, 192.168.30.254, so the virtual gateway is: 192.168.x.254

In our office, we have several VLAN's, 10, 20, 30, 40, 50, 60, 70, 80, 90 and the 120 VLAN which is for the Firewall IP: 192.168.120.254

So in our Cisco ASA 5520, beside the dynamic NAT settings from inside to outside, it also has static routes like inside 192.168.20.0 255.255.255.0 192.168.20.254

It also has a default route 0.0.0.0 0.0.0.0 WAN1

Not sure if these gives more understanding of my issue. 

Thanks

Jeff

Jeff,

first of all, try to load the routing sdm:

3750#sdm prefer routing

With regard to your setup, do you currently do load balancing on your ASA (I would think you do since you have two WAN connections). It is going to be a bit tricky to integrate a second firewall into your setup, especially since all your LAN hosts use the virtual IP as their default gateway.

3750(config)#do sh
3750(config)#do show sdm prefer routing
"desktop routing" template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

3750(config)#

Actually guys the issue has been solved. Here's what we did.

The default route in the L3 switch is 0.0.0.0 0.0.0.0 192.168.120.254, we've setup a new port on the L3, set it as no switchport and put in an ip address same as the new FW2 lan port (192.168.120.254), we've setup on the L3 port (192.168.120.253). 

Then on the firewall, we've setup static routes going to each vlan and it's gateway is the virtual gateway set by the L3 switch. 

I'm not sure if I'm able to explain the solution properly but basically issue solved and thanks for the input guys

Thanks

Jeff

Jeff,

good stuff, glad you got it resolved !