hq-asa
br-asa
Username - admin
Password - admin12345
Console login password all the devices
password -: x-iot12345

password -: x-iot12345

Enable secret for HQ deviceces

password -: head-office

I can not login in the ASA with none of this password mate!

Dont mind, I got into devices.

Well, I see some problems here:

!

!

route PUBLIC 0.0.0.0 0.0.0.0 192.168.30.17 1

route PRIVATE 0.0.0.0 0.0.0.0 192.168.40.18 1

!

You can not have two default route on the ASA like this.  What you need to do here is:

To public, you can use a default route like you did.  But, for private you have to use specfic like

192.168.x.0

Another issue I found, the core has a default route down to the Core, this is also wrong. The router for HQ has to have specifics routes to Firewall and the command redistribute static on the OSPF

Here what you need to change:

ASA HQ:

!

no route PRIVATE 0.0.0.0 0.0.0.0 192.168.40.18 1

!

route PUBLIC 0.0.0.0 0.0.0.0 192.168.30.17 1

route PRIVATE 192.168.3.0 255.255.255.0 192.168.40.18 1

route PRIVATE 192.168.4.0 255.255.255.0 192.168.40.18 1

route PRIVATE 192.168.5.0 255.255.255.0 192.168.40.18 1

route PRIVATE 192.168.6.0 255.255.255.0 192.168.40.18 1

route PRIVATE 192.168.9.0 255.255.255.0 192.168.40.18 1

!

Router HQ:

!

no ip route 0.0.0.0 0.0.0.0 192.168.30.18

!

ip classless

ip route 192.168.3.0 255.255.255.0 192.168.30.18

ip route 192.168.4.0 255.255.255.0 192.168.30.18

ip route 192.168.5.0 255.255.255.0 192.168.30.18

ip route 192.168.6.0 255.255.255.0 192.168.30.18

ip route 192.168.9.0 255.255.255.0 192.168.30.18

!

After that, ping is working for me from HQ to Brances

Hi

 this network as not added on the static routes.

You need to include in both router and ASA

Router:

ip route 192.168.13.0 255.255.255.0 192.168.30.18

ASA

ip route 192.168.13.0 255.255.255.0 192.168.40.18