VLAN routing issue with ASA

I have a Cisco 3560X switch.  It has a gateway to a 5505.  I added a new VLAN for a vendor subnet.  The 3560 has a connection to a 2960 for the vendor subnet.  The 2 subnets route fine to each other.  The problem is that the new VLAN is not able to get to the internet, or it seems as though the traffic requested does not make its way back to the new VLAN.  I see the traffic pass through the ASA and the return replies say on an ICMP to 4.2.2.2, but the new VLAN does not see that traffic come back.  I tried adding a route on the inside interface on the ASA pointing the new VLAN subnet to that 3560, but no go.  Any help would be great.
mcstechguru1978Asked:

mpickreignCommented:
Can you post the configs for both routers and the ASA?
shubhanshu_jaiswalCommented:
Did you make a layer 2 VLAN or a layer 3 VLAN...
yawbeCommented:
Please post the configs for both ASA and the switch. At least those areas that are related to what you are trying to accomplish.
mcstechguru1978Author Commented:
Here you go.  The first is the 3560 and the second the ASA.




###Cisco 3560X####

version 12.2
no service pad
!
!
!
no aaa new-model
clock timezone central -6
system mtu routing 1500
authentication mac-move permit
ip routing
!
!
vtp domain xxx
vtp mode transparent
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
password encryption aes
!
crypto pki trustpoint TP-self-signed-265158144
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-265158144
 revocation-check none
 rsakeypair TP-self-signed-265158144
!
!
crypto pki certificate chain TP-self-signed-265158144
 certificate self-signed 01
  quit
stackmaker name xxx
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
!
!
!
network-policy profile 1
!
!
vlan internal allocation policy ascending
!
vlan 75,100,200,300,400
!
vlan 500
 name Reynolds-Reynolds
!
!
!
interface FastEthernet0
 ip address 192.168.70.1 255.255.255.0
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
interface GigabitEthernet0/1
 description Trunk to 2960S01 Port2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 description Trunk to 2960S02 Port1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
 ip dhcp snooping trust
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
 description BA-DC01-OP NIC Port 1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
 description BA-HYPERV-OP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,200,300,400
 switchport mode trunk
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
 description BA-SYMANTEC-OP
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
 description BA-SMTP-OP
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
 description Link to Reynolds
 switchport access vlan 500
!
interface GigabitEthernet0/13
 spanning-tree portfast
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
 description Port B36
!
interface GigabitEthernet0/21
 description Port B34
!
interface GigabitEthernet0/22
 description Port B35
!
interface GigabitEthernet0/23
 description Port B32
!
interface GigabitEthernet0/24
 description Port B33
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
 description Port C23
!
interface GigabitEthernet0/28
 description Port B44
!
interface GigabitEthernet0/29
 description Port B43
!
interface GigabitEthernet0/30
 description Port B42
!
interface GigabitEthernet0/31
 description Port B41
!
interface GigabitEthernet0/32
 description Port D22
!
interface GigabitEthernet0/33
 description Port B40
!
interface GigabitEthernet0/34
 description Port B39
!
interface GigabitEthernet0/35
 description Port B38
!
interface GigabitEthernet0/36
 description Port B37
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
 switchport access vlan 300
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
 description Access to ASA5505
!
interface GigabitEthernet0/48
 description Trunk to ADP
 switchport access vlan 100
 switchport mode access
 ip access-group Deny-DHCP in
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
 ip address 192.168.50.1 255.255.255.0
!
interface Vlan100
 ip address 206.95.243.112 255.255.255.128
!
interface Vlan200
 ip address 192.168.60.1 255.255.255.0
!
interface Vlan300
 ip address 192.168.80.1 255.255.255.0
!
interface Vlan400
 no ip address
!
interface Vlan500
 ip address 10.4.135.254 255.255.255.0
!
!
router eigrp 100
 network 192.168.50.0
 network 192.168.60.0
 network 192.168.70.0
 network 192.168.80.0
 network 206.95.243.0 0.0.0.127
 eigrp stub connected summary
 no eigrp log-neighbor-warnings
!
ip default-gateway 192.168.50.10
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 192.168.50.10
ip route 192.168.50.0 255.255.255.0 192.168.50.10
ip http server
ip http secure-server
!
ip access-list extended Deny_DHCP
 deny   udp any any eq bootpc
 deny   udp any any eq bootps
 permit ip any any
!
ip sla enable reaction-alerts

----------------------

###Cisco ASA 5505###


:
ASA Version 8.2(1)
!
hostname xxx
domain-name xxx

names
name 207.187.15.48 ADP
name 192.168.50.7 ExchangeServer description Exchange 2010
name 10.10.10.2 ADPBackup description ADP 1760 Router
name 192.168.50.15 Barracuda300 description Barracuda SMTP Filter
name 10.4.135.0 Reynolds
!
interface Vlan1
 nameif inside
 security-level 100
 allow-ssc-mgmt
 ip address 206.95.243.80 255.255.240.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
interface Vlan5
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.252
!
interface Vlan25
 nameif Management
 security-level 100
 ip address 176.0.0.1 255.255.255.0
 management-only
!
interface Vlan35
 nameif BobAllenNetwork
 security-level 100
 ip address 192.168.50.10 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 switchport access vlan 5
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
 switchport access vlan 35
!
interface Ethernet0/7
 switchport access vlan 25
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup dmz
dns domain-lookup Management
dns domain-lookup BobAllenNetwork
dns server-group DefaultDNS
 name-server 192.168.50.4
 name-server 192.168.50.6
 domain-name boballenford.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
 network-object 10.10.10.0 255.255.255.248
 network-object 192.168.1.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object 192.168.50.0 255.255.255.0
 network-object 206.95.240.0 255.255.240.0
object-group network DM_INLINE_NETWORK_3
 network-object 10.10.10.0 255.255.255.252
 network-object 192.168.50.0 255.255.255.0
 network-object 206.95.240.0 255.255.240.0
object-group service Exchange
 description Exchange 2010 Services
 service-object tcp eq www
 service-object tcp eq https
 service-object tcp eq smtp
 service-object tcp eq 465
object-group network DM_INLINE_NETWORK_4
 network-object 10.10.10.0 255.255.255.252
 network-object 192.168.50.0 255.255.255.0
 network-object 206.95.240.0 255.255.240.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service rdp tcp-udp
 port-object eq 3389
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any host x.x.x.x
access-list outside_access_in extended permit object-group Exchange any host x.x.x.x
access-list outside_access_in extended permit object-group TCPUDP any host x.x.x.x object-group rdp
access-list global_mpc extended permit ip x.x.x.x 255.255.255.248 object-group DM_INLINE_NETWORK_1
access-list TGAdmin standard permit 206.95.240.0 255.255.240.0
access-list BobAllen_splitTunnelAcl standard permit 192.168.50.0 255.255.255.0
access-list BobAllenNetwork_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.50.200 255.255.255.252
access-list BobAllenNetwork_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 192.168.50.240 255.255.255.240
access-list BobAllenNetwork_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_3 192.168.90.0 255.255.255.0
access-list BobAllenNetwork_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_4 192.168.100.0 255.255.255.0
access-list BobAllenNetwork_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.50.44 255.255.255.254
access-list BobAllenManagement_splitTunnelAcl standard permit 192.168.50.0 255.255.255.0
access-list BobAllenManagement_splitTunnelAcl standard permit 206.95.240.0 255.255.240.0
access-list dmz_access_in extended permit icmp any any
access-list dmz_access_in extended permit ip 10.10.10.0 255.255.255.252 206.95.240.0 255.255.240.0
access-list dmz_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.50.0 255.255.255.0
access-list BobAllenFordVPN_splitTunnelAcl standard permit 10.10.10.0 255.255.255.252
access-list BobAllenFordVPN_splitTunnelAcl standard permit 192.168.50.0 255.255.255.0
access-list BobAllenFordVPN_splitTunnelAcl standard permit 206.95.240.0 255.255.240.0
access-list MavicorSupport_splitTunnelAcl standard permit 10.10.10.0 255.255.255.252
access-list MavicorSupport_splitTunnelAcl standard permit 192.168.50.0 255.255.255.0
access-list MavicorSupport_splitTunnelAcl standard permit 206.95.240.0 255.255.240.0
access-list mavicor_splitTunnelAcl standard permit 192.168.50.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu Management 1500
mtu BobAllenNetwork 1500
ip local pool BobAllenVPN 192.168.50.240-192.168.50.254 mask 255.255.255.0
ip local pool BobAllen 192.168.50.200-192.168.50.202 mask 255.255.255.0
ip local pool TGAdmin 206.95.243.94 mask 255.255.255.240
ip local pool VPNPOOL 192.168.90.10-192.168.90.254 mask 255.255.255.0
ip local pool Mavicor 192.168.100.10-192.168.100.250 mask 255.255.255.0
ip local pool mavicor2 192.168.50.44-192.168.50.45 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any dmz
icmp permit 192.168.50.0 255.255.255.0 BobAllenNetwork
asdm image disk0:/asdm-634.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 206.95.240.0 255.255.240.0
nat (dmz) 1 10.10.10.0 255.255.255.252
nat (BobAllenNetwork) 0 access-list BobAllenNetwork_nat0_outbound
nat (BobAllenNetwork) 1 192.168.50.0 255.255.255.0
static (BobAllenNetwork,outside) tcp x.x.x.x smtp Barracuda300 smtp netmask 255.255.255.255
static (BobAllenNetwork,outside) tcp x.x.x.x 465 Barracuda300 465 netmask 255.255.255.255
static (BobAllenNetwork,outside) tcp x.x.x.x www ExchangeServer www netmask 255.255.255.255
static (BobAllenNetwork,outside) tcp x.x.x.x https ExchangeServer https netmask 255.255.255.255
static (dmz,outside) 74.62.65.37 ADPBackup netmask 255.255.255.255 dns
static (BobAllenNetwork,outside) x.x.x.x 192.168.50.6 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
ldap attribute-map BobAllen
  map-name  VPN Access-Hours
  map-value VPN VPN VPN
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPN protocol ldap
aaa-server VPN (BobAllenNetwork) host 192.168.50.4
 ldap-base-dn dc=boballenford, dc=local
 ldap-group-base-dn VPN
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn cn=dshwartz, cn=test, dc=boballenford, dc=local
 server-type microsoft
aaa-server BobAllenRADIUS protocol radius
aaa-server BobAllenRADIUS (BobAllenNetwork) host 192.168.50.4
 key B@2010!
aaa authentication ssh console LOCAL
http server enable
http 176.0.0.0 255.255.255.0 Management
http 206.95.243.80 255.255.255.240 inside
http 206.95.243.0 255.255.255.128 inside
http 192.168.50.0 255.255.255.0 BobAllenNetwork
http 192.168.90.0 255.255.255.0 BobAllenNetwork
http 192.168.100.0 255.255.255.0 BobAllenNetwork
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.50.0 255.255.255.0 BobAllenNetwork
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 BobAllenNetwork
ssh 192.168.90.0 255.255.255.0 BobAllenNetwork
ssh 192.168.50.0 255.255.255.0 BobAllenNetwork
ssh timeout 5
console timeout 60
management-access BobAllenNetwork
dhcpd auto_config outside
!
dhcpd dns 24.94.165.25 24.94.165.34 interface inside
dhcpd domain boballenford interface inside
!
dhcpd address 176.0.0.5-176.0.0.250 Management
dhcpd dns 176.0.0.1 interface Management
dhcpd lease 86400 interface Management
dhcpd enable Management
!

threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 206.246.122.250 source outside
ntp server 64.90.182.55 source outside
ntp server 96.47.67.105 source outside

 
!
class-map global-class
 match access-list global_mpc
!
!
policy-map global_policy
 class global-class
  ips inline fail-open
!
service-policy global_policy global
mcstechguru1978Author Commented:
Got it working.  Besides the inside route, I needed a dynamic NAT for the new subnet.


mcstechguru1978Author Commented:
The route and NAT worked.
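
The fix reported in the thread (a return route plus a dynamic NAT rule for the new subnet) can be checked against a pre-8.3 ASA config before touching the device. This is an added example, not from the original posts: `audit_subnet` and the two fix lines are assumptions built from the posted addresses (VLAN 500 is 10.4.135.0/24, the 3560 is 192.168.50.1 on the ASA's BobAllenNetwork interface), since the thread does not show the exact commands used.

```python
import ipaddress
import re

# Pre-8.3 ASA syntax, as used in the posted 8.2(1) config:
#   route <nameif> <network> <mask> <gateway> [metric]
#   nat (<nameif>) <nat_id> <network> <mask>
#   global (<nameif>) <nat_id> interface|<pool>
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\d\S*) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")


def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit_subnet(config, subnet, internet_if="outside"):
    """Report what a subnet routed behind the ASA (not directly connected)
    is missing for Internet access: a return route and/or dynamic NAT."""
    target = ipaddress.ip_network(subnet)
    best = None        # (prefixlen, nameif) of the longest route covering target
    nat_rules = set()  # (nameif, nat_id) dynamic NAT rules covering target
    pools = set()      # nat_ids with a global pool on the Internet interface
    for raw in config.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            net = _net(m.group(2), m.group(3))
            if target.subnet_of(net) and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, m.group(1))
            continue
        m = NAT_RE.match(line)  # "nat (x) 0 access-list ..." does not match
        if m and m.group(2) != "0":
            if target.subnet_of(_net(m.group(3), m.group(4))):
                nat_rules.add((m.group(1), m.group(2)))
            continue
        m = GLOBAL_RE.match(line)
        if m and m.group(1) == internet_if:
            pools.add(m.group(2))
    return_if = best[1] if best else None
    findings = []
    # Only the default route matches: replies follow it back out to the Internet.
    if return_if is None or return_if == internet_if:
        findings.append("no-return-route")
    # Needs nat on the interface the subnet arrives on, paired with a global pool.
    if not any(i == return_if and n in pools for i, n in nat_rules):
        findings.append("no-dynamic-nat")
    return findings


# NAT and route lines copied from the posted ASA config.
POSTED = """\
global (outside) 1 interface
nat (inside) 1 206.95.240.0 255.255.240.0
nat (dmz) 1 10.10.10.0 255.255.255.252
nat (BobAllenNetwork) 0 access-list BobAllenNetwork_nat0_outbound
nat (BobAllenNetwork) 1 192.168.50.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
"""
# Assumed fix lines (constructed, not shown in the thread).
ROUTE_FIX = "route BobAllenNetwork 10.4.135.0 255.255.255.0 192.168.50.1 1\n"
NAT_FIX = "nat (BobAllenNetwork) 1 10.4.135.0 255.255.255.0\n"

if __name__ == "__main__":
    for label, cfg in [("posted", POSTED), ("route only", POSTED + ROUTE_FIX),
                       ("route + nat", POSTED + ROUTE_FIX + NAT_FIX)]:
        print(label, audit_subnet(cfg, "10.4.135.0/24"))
```

The "route only" case corresponds to the state described in the question, where adding the route alone did not restore Internet access.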