The other thing is that I really want users in vlan 10 to access the ip address 192.168.1.2 and this IP could be a web portal or FTP server.Well that IP is the IP of the interface and you can't use duplicate IPs on the same network. The alternative is if the router is running the web service.
what I want to know is that the workstation in vlan 10 with ip 10.50.10.2 can it ping the IP 192.168.1.1 or 192.168.1.2. Do I need more configuration on the ASA or in the core to make it ping successfully.Because the security is set to 0, you will need an ACL to permit the traffic
I agree with what you suggested. The websever to be 192.168.1.200 and one to one IP between the routers to be 192.168.1.1 -- 192.168.1.2If you noticed, I changed the IP on the point-to-point link to a public address instead (198.x.x.x)
the router R2 belongs to a different organization and I will not have access to it.How you're connected to R2 determines on what to configure.
In a live production environment this Core is where all the SVIs are created what happens when another company put their our LAN and wants you to get a connection to one server.Are you referring to the 3560 in your diagram as the core switch?
I can not make the core switch to work as layer 2.Layer 3 switches have all the capabilities of layer 2. The layer 3 is an additional feature
What if I replace the ASA WITH A ROUTER? i dont care about the security levels for now I just want it to work with out changing the inside network.I still don't know how your topology looks like. Let's lay the foundation (infrastructure) first before going any further. I didn't see any answer to my previous question
Interface security level change is all you probably need based on your configuration. Just set the security interface to 100
All the routes would be treated as connected routes so you won't really need to specify specific routes.
The addresses are private and won't need any NAT
You shouldn't need to configure an ACL, you can determine that by running a packet trace
packet-tracer input inside tcp 10.10.10.0 4444 192.168.1.2 4444 detailed
In real world, the internal interfaces would have a security level above 0, usually 100. These would be considered inside network. 192.168.1.1 would then be a gateway for the network to the internet
Lets assume the name of the interface 192.168.1.1 is outside and the actual int is E0/2
route outside 0.0.0.0 0.0.0.0 192.168.0.2
int e0/2
name if outside
security-level 0
Depending on you IOS version, you may be able to configure conventional route and if not you may need to use network objects to configure your NAT.
eg
nat (inside, outside) source dynamic any interface
Lastly, you will need to configure an access list to permit access on the outside interface since the security level is set to 0, meaning untrusted. 100 means trusted.