I haven't added to my network in a while, so I might be a bit rusty on LAN connectivity troubleshooting.
I have an ASA55xx that will be the L3 core of a new network infrastructure; the VLANs defined on the edge switches will trunk to a DMZ interface on the ASA and subinterfaces will route internally. My old network will connect via a "transit" DMZ interface and the outside interface will be configured as is typical.
My problem is that I only have 1-way connectivity between an ASA subinterface and my old network; a simple diagram is:
Servers -> subinterface (10.10.200.1) -> DMZ interface -> [ASA55xx] -> transit interface ->  -> L3 VLAN (10.10.3.1) -> My workstation
I can ping from the ASA to my workstation at 10.10.3.x, but I cannot ping the subinterface 10.10.200.1 from my workstation.
I suspect that it might be a NAT issue, but configuring NAT bypass did nothing.
Partial ASA config:
ip address xx.xx.xx.xx yy.yy.yy.yy
no ip address
ip address 10.10.162.1 255.255.255.0
ip address 10.10.179.254 255.255.255.0
no ip address
ip address 10.10.200.1 255.255.255.0
ip address 10.10.250.1 255.255.255.240
access-list transit-nat-bypass extended permit ip 10.10.162.0 255.255.255.0 interface transit
global (outside) 1 interface
nat (transit) 0 0.0.0.0 0.0.0.0
nat (inside162) 0 access-list transit-nat-bypass
nat (inside162) 1 10.10.162.0 255.255.255.0
nat (dmz200) 1 10.10.200.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx
route transit 10.10.3.0 255.255.255.0 10.10.250.12 1
route inside179 10.10.179.0 255.255.255.0 10.10.179.1 1
I can provide Cat6500 config lines also, but I don't think that the issue lies there.
Any opinions will be welcomed.
The only interface that connects my old network to the new one is the 'transit' interface; the output of the command is:
ASA1# sh int ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/2 unassigned YES unset up up
Ethernet0/2.188 10.10.188.1 YES CONFIG up up
Ethernet0/2.200 10.10.200.1 YES manual up up
From the 6506, can you ping 10.10.250.1?
Do you have any ACLs? By default, a higher security level can access a lower security level. If I remember correctly, for ICMP you need to specially allow it or you need to do some inspection on ICMP.
If not, try testing on L2 (this will avoid any ACL / security zones you may have).
To test with L2, configure L2 VLAN ID 200 on the 6506 and plug a laptop into a port in VLAN 200, using an IP address in 10.10.200.x.
I hope this helps.