I am sorry that it has taken so long to reply.  I have attached the results of a packet trace between my office computer(10.10.0.217) and the iLO on one of the servers(10.10.30.11). I have also attached the running config for the ASA.

David,

The switch has a current IP address of 10.10.0.1 and is on the inside network.  The Vlans are configured in the switch as follows:

That would change how the routing would work would it not?  I could send you the current configuration of the ASA, but how do I get that from the ASA to be able to attach it here?

I think I get it - everything in the diagram is on the inside interface of the firewall (looks like it is on two interfaces in the diagram).  I think I would just add a super route for the entire 10.x/8 network to the layer 3 switch in that case.

route inside 10.0.0.0 255.0.0.0 10.10.0.1

OK, I just tried this one and I still cannot ping or connect to the iLO (for example) on one of the servers. I have not set up any virtual environments yet, but I figure if I can't ping or reach the iLO for the server, I won't be able to reach anything else.

I can ping the iLO from the ASA firewall, but not from my office computer.

Hello Ken,

Could you please get the "Show tech" copy to a notepad and attach it in here? below you may see a section called "Attachment", if this is a Switch that you are talking about, all of those subnets should be registered in the ARP table "Show arp", and the IPs should be able to communicate to each other based on L2 "routing", if it is a L3 switch yes, you will need to add routes to your inside, you may do it specifically or use a super route(route inside 10.0.0.0 255.0.0.0 10.10.0.1), which I dont really recommend if you want to add more interfaces in the future and use a 10.x.x.x range in another interface, so you may add those individually. either ways for the moment adding the super route should be fine. 

That way a NAT for internet is easier:

 - nat (inside) 1 10.0.0.0 255.255.255.0

 - global (outside) 1 interface

Please dont for get to rate the helpful posts!

Thanks,

David Castro,

How do I get the "show tech" and "show arp" results into a file? I tried using ASDM interface and it won't let me copy and paste.

Hello Ken,

On the tools section of the ASDM you can use the "Command line" and do the sh arp and "sho tech" and have those copied and paste in a notepad with right click.

Thanks.

David Castro

I managed to get the "show tech" to save the file on the flash and put it in a text file. When I tried the same technique with the show arp it would not save it to the flash. It also would not let me copy and paste into notepad.

I have attached the text file for the show tech command as requested.

Hello Ken,

Great!, well I think that I have a better idea now, we have basically a Layer 3 device behind the fw, since among the Switch and the ASA have IP addresses assigned in the interfaces, the Switch 10.10.0.1 and the ASA 10.10.0.3, so in the ARP table of the ASA we wont be able to see anything further that interface, so the communication among the VLANs should be all configured in the Switch (InterVLAN  routing basically) since it is clearly acting as a L3 device, now the 10.10.0.0/24 Addresses(Internal servers) those are in a segment of the L3 Switch or how did you get those connected to the ASA??

To sum up:

1. Access to internet from the VLANs:

You have to create a route on the L3 Switch (a Default route) pointing to the ASA(10.10.0.3), so the ASA will be able to PAT the Addresses and reach out internet, The ASA already has the routes for those 10.10.X.X Subnets. 

2. Communication among VLANS and the internal network (10.10.0.0/24)

We have to define how do you have the internal network plugged to the Switch or to the ASA, because otherwise if it is a simple communication, the L3 Switch should just use InterVLAN routing in order to make all of the VLANs to communicate to each other and dont escalate the communication to the ASA, which it will be all unnecessary, plz take a look to this link:

- https://www.reddit.com/r/networking/comments/2yol9s/inter_vlan_routing_on_hp_procurve_2920/

It seems that disabling and re-enabling (IP-routing) in the switch could do the trick, if it is not so much trouble post the switch config.

Please proceed to rate and mark as correct this post if it helped you, keep me posted!

David Castro,

I do have a default VLAN on the switch, but may have it configured wrong. I have attached the switch configuration.

Hello Ken, 

could you plz add this route, just in case since it is acting as a L3 switch:

- ip route 0.0.0.0 0.0.0.0 10.10.0.3

I know you have the default gateway, but just add the route, so we can see if it does any difference, since it is a Layer 3 switch:

ip default-gateway 10.10.0.3

Also set up a capture in the ASA to make sure those packets are reaching the ASA:

access-list CAP permit ip 10.10.X0.0 255.255.255.0 10.10.0.0 255.255.255.0

access-list CAP permit ip 10.10.0.0 255.255.255.0 10.10.X0.0 255.255.255.0 

Define the VLAN; from where you are sending the traffic:

capture CAP interface Inside access-list CAP

Please proceed to rate and mark as correct this post if it helped you, keep me posted!

David Castro,

Am I adding the route to the switch or the ASA?  I tried entering the ip route in CLI on the switch and it gave me an invalid entry message.