Ping problem: please help me solve this issue

Network Engineering  routing  cisco
2021-07-20 10:02:35

L3 switch ESW1 configuration:

Building configuration...

Current configuration : 2512 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ESW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
no ip domain lookup
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 ip address 10.46.15.1 255.255.255.128
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 ip address 10.46.14.1 255.255.255.128
 duplex auto
 speed auto
!
interface FastEthernet1/0
 duplex full
 speed 100
!
interface FastEthernet1/1
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 no switchport
 no ip address
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
interface Vlan100
 no ip address
!
ip route 0.0.0.0 0.0.0.0 10.46.15.5
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
banner exec ^C

***************************************************************
This is a normal Router with a SW module inside (NM-16ESW)
It has been preconfigured with hard coded speed and duplex

To create vlans use the command "vlan database" from exec mode
After creating all desired vlans use "exit" to apply the config

To view existing vlans use the command "show vlan-switch brief"

Warning: You are using an old IOS image for this router.
Please update the IOS to enable the "macro" command!
***************************************************************

^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

Ping results on L3 switch ESW1:

ESW1#ping 125.20.160.154

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 125.20.160.154, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ESW1#ping 10.46.15.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.46.15.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/60/64 ms
ESW1#

ASA configuration:

ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 10.46.15.5 255.255.255.128
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 125.20.160.154 255.255.255.248
!
interface GigabitEthernet2
 nameif outside1
 security-level 0
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
mtu outside1 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 125.20.160.153 1
route inside 10.46.0.0 255.255.0.0 10.46.15.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
prompt hostname context
call-home reporting anonymous prompt 1
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:999fd131b6f29f235d6839e5ef0489ae
: end

Ping results on the ASA:

ciscoasa(config)# ping 10.46.14.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.46.14.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms
ciscoasa(config)# ping 125.20.160.153
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 125.20.160.153, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/12/30 ms
ciscoasa(config)#
2 Answers

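As I understand it, you are trying to ping the ASA outside interface IP address, 125.20.160.154, from the inside network, but it fails.

This is normal behavior for the ASA, because it does not allow pinging an interface IP address across interfaces.

When a PC is connected to the inside interface, you can only ping the ASA inside interface, not the outside interface. However, if the correct ACL, NAT and ICMP inspection are allowed on the ASA, you can ping from an inside host (PC) to an outside host on the Internet.

Only the ASA's cross-interface ping fails.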
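
The behaviour described in the answer above, as an added example that is not part of the original question or answers: a short Python check that reads the ASA interface and route lines from the question and classifies a ping as aimed at the near-side interface, a far-side interface, or through traffic. The function names are hypothetical, and inferring the ingress interface from the source address by longest-prefix match is a modelling assumption.

```python
import ipaddress
import re

# Lines copied from the ASA configuration in the question (GigabitEthernet2 and security levels omitted).
ASA_CONFIG = """\
interface GigabitEthernet0
 nameif inside
 ip address 10.46.15.5 255.255.255.128
interface GigabitEthernet1
 nameif outside
 ip address 125.20.160.154 255.255.255.248
interface GigabitEthernet3
 no nameif
 no ip address
route outside 0.0.0.0 0.0.0.0 125.20.160.153 1
route inside 10.46.0.0 255.255.0.0 10.46.15.1 1
"""

def parse_asa(config):
    """Return ({nameif: IPv4Interface}, [(nameif, IPv4Network)]) for named interfaces and static routes."""
    interfaces, routes, name = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # new stanza: forget the previous nameif
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and name:
            interfaces[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"route (\S+) (\S+) (\S+) ", line):
            routes.append((m.group(1), ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")))
    return interfaces, routes

def classify_ping(src, dst, config=ASA_CONFIG):
    """Return (ingress nameif, verdict) for an ICMP echo from src to dst."""
    interfaces, routes = parse_asa(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption: ingress interface = longest-prefix match of the source address.
    table = [(i.network, n) for n, i in interfaces.items()] + [(net, n) for n, net in routes]
    matches = [(net.prefixlen, n) for net, n in table if src in net]
    if not matches:
        return None, "no route back to source"
    ingress = max(matches)[1]
    owner = next((n for n, i in interfaces.items() if i.ip == dst), None)
    if owner is None:
        return ingress, "through traffic: subject to ACL, NAT and ICMP inspection"
    if owner == ingress:
        return ingress, "near-side interface: ASA answers"
    return ingress, f"far-side interface ({owner}): no reply, expected ASA behaviour"
```

With the question's addresses, `classify_ping("10.46.15.1", "125.20.160.154")` reports a far-side interface and `classify_ping("10.46.15.1", "10.46.15.5")` reports the near-side interface, matching the two ping results from ESW1.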