I've attached the conif files for each hq is the one that is working properly, sr is the one that isn't

Thank you for the information :

HQ - i believe you connected to Internet

SR we take brach that one not working.

HQ Te 1/1/1  - 1/0/1 ( SR) connected please confirm

on SR

interface GigabitEthernet1/0/1
description
no switchport
ip address 10.76.200.22 255.255.255.0
ip nat outside   <-- why you have NAT here, i do not see any where you have NAT inside ?) if no nat remove this
speed 100
duplex full

If you learning routes from IGP EIGRP : then you do not need below static route (until you want to)

no ip default-gateway 10.76.22.1  (this is not need for sure)
ip route 0.0.0.0 0.0.0.0 10.76.2.10

do this suggest and test it ?

are you sure  SR Switch users connected to port (PC working Internet ?)

still not working you need to change some more settings :

why VLAN 100 and 200 have different IP range ?  (i can understad you segmenged Router port between switch) - is there any reason ?

Thank you Balaji,

I removed the nat i was researching online and that was a recommendation

I also removed the gateway

The network is segmented as anything on the 10.76.x.x (VLAN 100) network has internet, anything on the 172.16.x.x. (VLAN 200) network is on a closed network no internet access, this is because it is a scada system at water plants. This is how i inherited this network not sure why anything was done this way.

I removed the nat i was researching online and that was a recommendation
I also removed the gateway

ok what is the outcome of this ? is this working as expected ?

The network is segmented as anything on the 10.76.x.x (VLAN 100) network has internet, anything on the 172.16.x.x. (VLAN 200) network is on a closed network no internet access, this is because it is a scada system at water plants. This is how i inherited this network not sure why anything was done this way.

ok we understand this most plants does this to make secure prevate network.

Since you have p2p configured switch to switch on ASA (if you are not running any EIGRP) you need to send static Route back to SR switch IP address towards 10.76.200.2

Now what we need is,

take small paper and pend write small network what connected where ?

now what is not working ?

ok what is the outcome of this ? is this working as expected ?

-no, it is still working the same

Since you have p2p configured switch to switch on ASA (if you are not running any EIGRP) you need to send static Route back to SR switch IP address towards 10.76.200.2

- So we do have a checkpoint firewall in place and there is no routing configured in there only rules. I've added a static route to 10.76.200.2 and that doesn't work either

My vlans are working correctly at all plants, the main issue is that when I try to license cisco I am unable to because the SR switch is not able to ping cisco or 8.8.8.8 from the putty cli, but on the HQ router I am able to ping and it is allowing me to license. I hope that makes sense.

I suggest to open checkpoint smart dashboard

ping from switch and see is that request coming to checkpoint ? what is the status Deny or permit. (what IP address you see there)

check any routing required back to your HQ Switch.

Thank you, i'm not sure how nated works sorry I'm really really new to this. The main issue is that I am trying to register the switches/router and since it can't ping out it isn't allowing me to register the devices on the cisco portal. I can do this manually but I'd like to figure out why it isn't working correctly.

Looking at your config, you have configured the same address on both switches. See below:

interface Vlan100
description Admin
ip address 10.76.22.1 255.255.255.0

ip default-gateway 10.76.22.1

ip route 0.0.0.0 0.0.0.0 10.76.2.10

interface Vlan100
description Admin
ip address 10.76.22.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.76.2.10

So, keep the HQ the same and change the other one to a different IP that is not being used:  example:

interface Vlan100
description Admin
ip address 10.76.22.5 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.76.2.10

Also, on the same switch, delete the below statement since you already have a default route installed.

ip default-gateway 10.76.22.1

no ip default-gateway 10.76.22.1

HTH

Thank you, for the vlan100 the ip's should be different SR is 10.76.22.1 and HQ is 10.76.2.1.

Thank you, for the vlan100 the ip's should be different SR is 10.76.22.1 and HQ is 10.76.2.1.

but that is not what is in the config you posted. Also, if this is for admin (description Admin) why do you need a different subnet per switch.

Simply, pick one subnet and assign ips to different switches from the same subnet just like the example I posted.

HTH

Than you Reza, so the reason there are 2 vlans Controls vlan has no internet access on any machines it is a closed network for security reasons, admin vlan has internet and is used on computers that are used for clocking in and out email etc. I inherited this network very recently so I can't really roll out changes like that. Not really sure on why it was setup this way with the subnetting and I have no way of getting that info from previous engineer.