I wouldn't think the ASA needs a route since traffic to 3.3.3.5 is being routing from the core switch to the T1 router (2.2.2.105).

I shouldn't have even mentioned the ASA since any traffic that needs to route to the T1 never hits it.

If possible could you please upload the full config, and please highlight the new T1 line which you have installed.

T1 is connected via 2620 FE0/0 (2.2.2.105) to 3560E "Core Switch" via Gig0/48 (2.2.2.106).  You'll see the rest :)

Thanks again.

I am presuming that serial link with an ip address 1.1.1.254 is a T1 link 

so your network is like 

t1-->router/seriallink-->router ethlink-->switch ethlink --> vlan

If this is correct can you tell me who provide you 1.1.1.254 address is that from ISP?

Does you ISP do NATing for 192.168.0.0 private addressing or you need to do NATing?

I can help you to setup your network via Teamviewer if thats fine with you.

Switch ethlink does not go to vlan.  It's no switchport with an IP on Gig0/48.  I did try VLANing it and I get the same results.

1.1.1.154 is provided by AT&T as the serial interface to our router.  Default route goes to 1.1.1.253.

There is a route on the router to send all 192.168.16.0 traffic to 2.2.2.206 (GIG0/48).

ISP presumably does not provide NATing.  I don't think there's a NAT issue because from the core switch (192.168.16.1) I can ping to the Internet (when I changed the default route to send all traffic to the T1 vs the primary Comcast connection) and 3.3.3.5 which is set to route through the T1 as it stands today.

This site is remote so I'd prefer not making any major changes that could implicate their Internet access, especially during business hours.

I am hoping that someone sees something that looks out of the ordinary, however, like I mentioned, this site is pretty basic when it comes to the network setup.

First of the thing I dont see any interface assgined on switch withch is going to 3.3.3.5. 

If possible could yoou send the output of # sh ip route and ping ouputs from switch and router.

3.3.3.5 is just a route to a web service in another location for me to test traffic across the T1.  The route tells 3.3.3.5 to go to 2.2.2.105 (Router FE 0/0).

Trace Route from the core switch (192.168.16.1) to 3.3.3.5 successfully goes out the T1 router, across the Internet and terminates at 3.3.3.5.

Trace Route from a computer on the LAN (192.168.16.15) to 3.3.3.5 successfully goes to FE 0/0 on T1 router (2.2.2.205) but then dies.

Testing attached.

What happens if you do an extended ping from the core switch and use the vlan 100 SVI IP address as the source IP ?

Jon

Timeout

try to ping following from switch

#ping 3.3.3.5 source 2.2.2.106

#ping 3.3.3.5 source 192.168.16.1

if first one works and second one does not then it mostly the issue with NAT

First one was successful, 2nd one was not per Jon's request.

Where is the issue with the NAT?

192.168.16.0/24 is consider as a private ip address range which is not routable over internet. In order to route that traffic to internet you need to translate private ips' in to public ips' by using NAT.

I think i may have missed something here.

If the traffic is going across the internet via this T1 then yes NAT is probably the issue.

I assumed, maybe wrongly, that this wasn't going across the internet.

Jon