我是 ASA 的新手,正在尽力让我们新建的 VLAN104(服务器 VLAN)通过 ASA 访问互联网。我有一台 L3 交换机,负责 VLAN 间路由,各个 VLAN 之间可以互相 ping 通。VLAN1(192.168.100.0/24)与 ASA 直连,可以正常上网。
就在最近,我创建了一个新的 VLAN104(ID 104,192.168.104.0/24),并把一些新的虚拟机和存储迁移到了那里。从这个新 VLAN 可以 ping 通核心交换机(HP 2920),但 ASA 没有响应,或者说把我的流量阻止了。奇怪的是,当我把 2 台接入交换机(LAN)从核心交换机上断开,再把笔记本电脑直接接到核心交换机并配置一个 VLAN104 的静态 IP(192.168.104.xx)时,它可以直接上网,ping 回复也一直正常——直到我把这 2 台接入交换机重新接回核心交换机为止。
注意:服务器和计算机都连接在接入交换机上。请参阅随附的图表。如果您需要配置,我可以按要求贴出;如果我的英文表达不清楚,也请告诉我。
感谢您的任何回应和帮助。
这是当前的配置:
ASA Version 9.1(2)
!
interface GigabitEthernet0/0
description Outside Interface
nameif outside
security-level 0
ip address 10.15.xx.xx 255.255.255.0
!
interface GigabitEthernet0/1
description Inside Interface
nameif inside
security-level 100
ip address 192.168.100.2 255.255.255.0
!
domain-name pngngcb.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-outside
subnet 192.168.100.0 255.255.255.0
description Inside LAN to Outside
object network 192.168.100.5
host 192.168.100.5
description mail-server
object network 192.168.100.103
host 192.168.100.103
description mail-server
object network 192.168.100.3
host 192.168.100.3
description server
object network vlan104
subnet 192.168.104.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object icmp echo
service-object icmp6 echo
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
access-list inside_access_in remark NGCB Server - Mail & File Server
access-list inside_access_in extended permit ip object 192.168.100.5 any
access-list inside_access_in extended permit ip host 192.168.100.102 any
access-list inside_access_in extended permit ip host 192.168.100.111 any
access-list inside_access_in extended permit ip host 192.168.104.11 any
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network inside-outside
nat (inside,outside) dynamic interface
nat (inside,outside) dynamic interface
object network vlan104
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.15.xx.xx 1
route inside 192.168.104.0 255.255.255.0 192.168.100.9 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
HP 2920 switch
...............
Running configuration:
; J9729A Configuration Editor; Created on release #WB.15.12.0015
; Ver #05:18.41.ff.35.0d:9b
hostname "NGCB-SW4"
module 1 type j9729a
ip default-gateway 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.100.2
ip routing
interface 44
name "UPLINK_TO_SW#2_LEVEL_2"
exit
interface 45
name "LINK_TO_PBX"
exit
interface 46
name "PTP_LINK_TO_MOGORU_MOTO"
exit
interface 47
name "UPLINK_TO_SW#1_LEVEL_3"
exit
interface 48
name "UPLINK_TO_ROUTER"
exit
snmp-server community "public" unrestricted
oobm
ip address dhcp-bootp
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 45
untagged 1-43,48,A1-A2,B1-B2
tagged 44,46-47
ip address 192.168.100.9 255.255.255.0
ip helper-address 192.168.100.103
exit
vlan 100
name "VoIP"
untagged 45
tagged 1-4,6-44,46-48
ip address 192.168.50.254 255.255.255.0
ip helper-address 192.168.100.103
exit
vlan 104
name "MANAGEMENT"
ip address 192.168.104.254 255.255.255.0
ip helper-address 192.168.100.103
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager