I have 2 servers which sit on the DMZ switch. Some users can connect to them and some time out.
The FTP server (192.168.11.150) sits in VLAN 1 - the interface from the firewall is dmz4, fa0/4.
The HTTP server (192.168.180.23) sits in VLAN 80 - the interface from the firewall is dmz4virtual, fa0/13, 14, 20, 21.
A user on the Corporate LAN makes a request to view the FTP page or the HTTP page on either of the 2 servers.
Traffic goes from the LAN into the firewall, then from the firewall straight into sw-marlbdmz01 (the switch on the DMZ). Packets are getting through to both servers on this switch. These servers have a default gateway of the layer 3 switch (sw-MarldmzL301 - 192.168.11.254), which routes the packets back to the firewall.
This is where the problem is, because the layer 3 switch is tagging the traffic coming back from the servers with either VLAN 1 or VLAN 80. The packet should stay on the VLAN it came from.
How can I get the layer 3 switch (the servers' gateway) to keep the packets on the correct VLAN and NOT send them back to the firewall on an incorrect VLAN?
On the firewall (ASA) I have checked the settings for both interfaces:
dmz4 - security level 50, duplex auto, speed auto, type interface
dmz4virtual - security level 60, VLAN ID 80, sub ID 80, type subinterface
What you say is helpful and makes sense. I was talking to someone here and they said I should take a look at policy-based routing with access lists, i.e. I should put an ACL for both servers on the layer 3 switch. What do you think? This concept is new to me.
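As an added illustration (not part of the original thread) of the policy-based routing idea raised above, this Cisco IOS fragment for the layer 3 switch (sw-MarldmzL301) uses an ACL per server and a route-map to hand each server's return traffic to the ASA on the VLAN it arrived on. The ASA's own addresses on the two DMZ VLANs are not given in the post, so `<ASA_DMZ4_IP>` and `<ASA_DMZ4VIRTUAL_IP>` are placeholders, and the /24 mask on the VLAN 1 SVI is assumed.

```cisco
! Added example, not the poster's or the vendor's config.
! ASSUMED placeholders: <ASA_DMZ4_IP> = ASA address on VLAN 1 (dmz4),
! <ASA_DMZ4VIRTUAL_IP> = ASA address on VLAN 80 (dmz4virtual).
!
! One ACL per server, matching traffic sourced from that server.
! To limit the policy to replies toward the Corporate LAN, replace "any"
! with the LAN subnet (not given in the post).
ip access-list extended PBR-FTP-SERVER
 permit ip host 192.168.11.150 any
ip access-list extended PBR-HTTP-SERVER
 permit ip host 192.168.180.23 any
!
! Route-map: FTP server replies go to the ASA's dmz4 address (VLAN 1),
! HTTP server replies go to the ASA's dmz4virtual address (VLAN 80).
! Packets matching neither clause fall through to normal routing.
route-map DMZ-RETURN-PATH permit 10
 match ip address PBR-FTP-SERVER
 set ip next-hop <ASA_DMZ4_IP>
route-map DMZ-RETURN-PATH permit 20
 match ip address PBR-HTTP-SERVER
 set ip next-hop <ASA_DMZ4VIRTUAL_IP>
!
! Apply the policy on the SVIs that are the servers' default gateway.
! 192.168.11.254 is the gateway address from the post; the mask is assumed.
interface Vlan1
 ip address 192.168.11.254 255.255.255.0
 ip policy route-map DMZ-RETURN-PATH
interface Vlan80
 ip policy route-map DMZ-RETURN-PATH
!
! Verify that the clauses are being hit while a user browses each server.
show route-map DMZ-RETURN-PATH
```

Because the ASA tracks connection state per interface, the check that matters is that a return packet leaves the switch toward the same ASA interface the request came in on; the route-map counters show whether each clause is matching.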