Dear 

i have Cisco 3 layer switch  connect to firewall which do routing to destination lan

this configuration for 3 layer switch :-

no aaa new-model
switch 1 provision ws-c3750g-24ts
!

shutdown vlan 43

ip subnet-zero
ip routing

no file verify auto
spanning-tree mode pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id

vlan internal allocation policy ascending
vlan dot1q tag native

interface GigabitEthernet1/0/1
switchport access vlan 8
switchport mode access

interface GigabitEthernet1/0/2

interface GigabitEthernet1/0/3
switchport access vlan 301
switchport mode access

interface GigabitEthernet1/0/4

interface GigabitEthernet1/0/5

interface GigabitEthernet1/0/6

interface GigabitEthernet1/0/7

interface GigabitEthernet1/0/8

interface GigabitEthernet1/0/9

interface GigabitEthernet1/0/10

interface GigabitEthernet1/0/11

interface GigabitEthernet1/0/12

interface GigabitEthernet1/0/13

interface GigabitEthernet1/0/14
switchport access vlan 41
switchport trunk native vlan 41
switchport trunk allowed vlan 1-500

interface GigabitEthernet1/0/15
switchport access vlan 45
switchport mode access

interface GigabitEthernet1/0/16

interface GigabitEthernet1/0/17

interface GigabitEthernet1/0/18

interface GigabitEthernet1/0/19
switchport access vlan 49
switchport mode access

interface GigabitEthernet1/0/20

interface GigabitEthernet1/0/21

interface GigabitEthernet1/0/22

interface GigabitEthernet1/0/23
switchport access vlan 49
switchport trunk encapsulation dot1q
switchport mode access

interface GigabitEthernet1/0/24
switchport access vlan 254
switchport trunk native vlan 49
switchport trunk allowed vlan 1
switchport mode access
spanning-tree portfast

interface GigabitEthernet1/0/25

interface GigabitEthernet1/0/26

interface GigabitEthernet1/0/27

interface GigabitEthernet1/0/28

interface Vlan1
ip address 10.20.3.1 255.255.255.240 secondary
ip address 10.20.4.1 255.255.255.240 secondary
ip address 10.20.7.1 255.255.255.240 secondary
ip address 10.20.42.1 255.255.255.0 secondary
ip address 10.20.40.1 255.255.255.0
ip helper-address 10.20.40.2

interface Vlan8
ip address 10.20.8.1 255.255.255.240

interface Vlan41
ip address 10.20.41.1 255.255.255.0
ip helper-address 10.20.40.2

interface Vlan43
ip address 192.168.40.1 255.255.252.0

interface Vlan44
no ip address

interface Vlan45
ip address 10.20.44.1 255.255.252.0
ip helper-address 10.20.45.2

interface Vlan49
ip address 10.20.49.1 255.255.255.0

interface Vlan140
no ip address

interface Vlan254
description "Perimeter Services"
ip address 10.20.254.5 255.255.255.248

interface Vlan301
ip address 10.20.253.26 255.255.255.248

ip default-gateway 10.20.40.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1
ip route 10.18.3.50 255.255.255.255 10.20.253.25
ip route 10.20.0.0 255.255.0.0 10.20.253.25
ip route 10.20.40.0 255.255.252.0 Vlan43
ip route 10.20.40.0 255.255.252.0 Vlan301
ip route 10.20.40.0 255.255.255.0 10.20.253.25
ip route 10.20.41.0 255.255.255.0 Vlan41
ip route 10.20.41.0 255.255.255.0 Vlan1
ip route 10.20.41.0 255.255.255.0 Vlan8
ip route 10.20.41.0 255.255.255.0 Vlan254
ip route 10.20.41.0 255.255.255.0 Vlan301
ip route 10.20.41.0 255.255.255.0 10.20.90.1
ip route 10.20.41.0 255.255.255.0 10.20.70.1
ip route 10.20.41.0 255.255.255.0 10.20.111.1
ip route 10.20.41.0 255.255.255.0 10.20.50.1
ip route 10.20.41.0 255.255.255.0 Vlan43
ip route 10.20.42.0 255.255.255.0 10.20.8.0
ip route 10.20.49.0 255.255.255.0 Vlan1
ip route 10.20.49.0 255.255.255.0 Vlan49
ip route 10.20.90.0 255.255.255.0 10.20.253.25
ip route 10.20.91.0 255.255.255.0 10.20.253.25
ip route 10.20.112.0 255.255.255.0 10.20.253.25
ip route 10.20.114.0 255.255.255.0 10.20.253.25
ip route 10.26.1.19 255.255.255.255 10.20.253.25
ip route 10.26.10.6 255.255.255.255 10.20.253.25
ip route 10.50.0.0 255.255.0.0 10.20.253.25
ip route 10.147.134.0 255.255.255.0 10.20.253.25
ip route 10.166.44.0 255.255.255.0 10.20.253.25
ip route 10.177.11.0 255.255.255.0 10.20.253.25
ip route 10.177.254.0 255.255.255.0 10.20.253.25
ip route 10.177.254.0 255.255.255.0 10.20.251.9
ip route 10.177.254.0 255.255.255.0 10.20.251.5
ip route 212.72.1.186 255.255.255.255 10.20.8.5
no ip http server

ip access-list standard MOH
permit 10.177.254.1
permit 10.20.254.1

access-list 11 permit 0.0.0.0 10.20.90.0
access-list 12 permit 0.0.0.0 10.20.70.0
access-list 14 permit 0.0.0.0 10.20.50.0
access-list 15 permit 0.0.0.0 10.20.111.0
access-list 16 permit 0.0.0.0 10.20.41.0
access-list 17 permit 0.0.8.0 10.20.49.0

control-plane

================================================

i have remote location connected by mpls line in that location i have lan 10.20.90/24 and valn 10.20.91.0/24

am able to  reach lan gatway(10.20.90.1) and host (10.20.90.2)

but am not able to reach the other vlan 10.20.91.1 or any other host in that valn 

gateway to firewall is 10.20.253.25

what i miss in this configuration

thanks