Cisco 3560 connected to an ASA, clients don't have internet access

I know this is a simple thing I am not doing but for the life of me I am unable to figure out what.  Here is the break down:
The office in question is a satellite office of a global organization.  The 10 of them connect to a 3560.  The 3560 connects to the ASA.  The ASA connects to the internet.  The switch got factory reset (and this is a new client so I was not able to get the config prior).  The ASA is just as it was when everything was working.  

The office is on the 172.20.1.X /24 network.  The inside interface of the ASA is The DNS servers are in Asia and are on the 10.1.101.X /24 network.  With the config of the switch as it is below the switch can ping the DNS servers but not the internet.  The clients (connected directly to the 3560) can get to anything on the 172.20.1.X subnet and they can ping which is the routed port on the 3560, but they cannot ping (the inside interface of the ASA) even though the switch can, and obviously they cannot access the internet.

3560 Config below:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Switch
enable secret 5 $1$vLQ.$1K.XaQiaK4FDLu0aTyNYd.
enable password …………….
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name c………….com
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool CWT
   import all
   domain-name c………
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface GigabitEthernet0/1
interface GigabitEthernet0/2
interface GigabitEthernet0/3
interface GigabitEthernet0/4
interface GigabitEthernet0/5
interface GigabitEthernet0/6
interface GigabitEthernet0/7
interface GigabitEthernet0/8
interface GigabitEthernet0/9
interface GigabitEthernet0/10
interface GigabitEthernet0/11
interface GigabitEthernet0/12
interface GigabitEthernet0/13
interface GigabitEthernet0/14
interface GigabitEthernet0/15
interface GigabitEthernet0/16
interface GigabitEthernet0/17
interface GigabitEthernet0/18
interface GigabitEthernet0/19
interface GigabitEthernet0/20
interface GigabitEthernet0/21
interface GigabitEthernet0/22
interface GigabitEthernet0/23
interface GigabitEthernet0/24
 description To ASA
 no switchport
 ip address
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface GigabitEthernet0/27
interface GigabitEthernet0/28
interface Vlan1
 ip address
ip default-gateway
ip classless
ip route
ip http server
line con 0
 password ………………….
line vty 0 4
 password ………………
 length 0
line vty 5 15
 password ………………

I can upload the ASA file if needed, but most of it is VPN stuff.  Here are the important bits:

ASA Version 8.2(1)
hostname ASA
enable password NuLKvvWGg.x9HEKO encrypted
passwd NuLKvvWGg.x9HEKO encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
!To 3560

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
router eigrp 10
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy

Just to be clear the ASA has not been changed at all, everything was working fine until the switch was reset so this is not an issue with the ASA.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

are you sure about default route on ASA?
route outside 1

interface Vlan2
 ip address
 :) - is network address - is broadcast address -118 - are usable network addresses

And also:
Why is router point to itself as default gateway?
ip default-gateway

And for solution of your problem add on switch

router eigrp 10

and that should be it.

Your problem is that ASA have no network in routing table so all traffic for that network is matching with default route, and as a result all traffic for that network is sent to internet

Or you can add static route on ASA that will point to as next hop for network

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kind4meAuthor Commented:
Thank you, thank you, thank you!

The ip in the post on the ASA was changed to protect the innocent, but I am very impressed by your subnetting skills.  

I think
router eigrp 10

is the answer to the problem.  

Also should the gateway on the switch be pointed to
Sure it should point to
And thank you for compliment
kind4meAuthor Commented:
If I could buy you a beer I would!  I knew it was one stupid line I was missing but I couldn't see the forest through the trees.  The minute you said it I knew that was it.  

Thanks again.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.