We have an ASA 5505 set up at a client site and have just installed a new VoIP system. The phones/telco server are on VLAN200 at 10.20.6.0/24, computers on VLAN1 at 172.20.6.0/24.
We need to be able to route traffic from VLAN1 to VLAN 200. I went ahead and added a static route for all phone network traffic to hit .254 (phone server) as gateway to the telco network:
route inside 10.20.6.0 255.255.255.0 172.20.6.254 1
I am having trouble getting the proper ACL in place to support this; currently any traffic from VLAN1 to VLAN200 is getting denied:
%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)
Any help in putting together the ACLs for this would be greatly appreciated!
I am not sure that this is really an ACL issue. It looks like the traffic arrives on interface inside and should forward out interface inside. By default the ASA does not want to forward traffic out the same interface that it arrived on. Try this command and see if things work better:
same-security-traffic permit intra-interface
I am glad that my suggestion did turn out to solve your problem. Thanks for posting back to the forum to confirm that this was the issue.
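Added example, not part of the original thread or any poster's words: a small Python triage script that parses %ASA-3-106014 messages and flags the ones whose source and destination interface names match, which is the same-interface (hairpin) pattern diagnosed above rather than a missing ACL entry. The sample log is constructed (only its first line is the one quoted in the thread), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog; only the first line is quoted from the thread.
SAMPLE_LOG = """\
%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)
%ASA-3-106014: Deny inbound icmp src inside:172.20.6.180 dst inside:10.20.6.10 (type 8, code 0)
%ASA-3-106014: Deny inbound icmp src outside:198.51.100.7 dst inside:172.20.6.172 (type 8, code 0)
%ASA-6-302013: Built outbound TCP connection 101 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:172.20.6.172/50211 (172.20.6.172/50211)
"""

# Matches the 106014 layout shown in the thread:
#   Deny inbound icmp src <ifname>:<ip> dst <ifname>:<ip> (type N, code N)
DENY_ICMP = re.compile(
    r"%ASA-3-106014: Deny inbound icmp "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\S+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\S+) "
    r"\(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\)"
)


def parse_denies(text):
    """Return one dict per 106014 line, with a 'hairpin' flag added."""
    records = []
    for line in text.splitlines():
        m = DENY_ICMP.search(line)
        if m is None:
            continue  # other message IDs are ignored
        rec = m.groupdict()
        # Same ingress and egress interface: the firewall is being asked
        # to forward traffic back out the interface it arrived on.
        rec["hairpin"] = rec["src_if"] == rec["dst_if"]
        records.append(rec)
    return records


def hairpin_summary(text):
    """Count same-interface denies per (interface, src_ip, dst_ip)."""
    counts = Counter()
    for rec in parse_denies(text):
        if rec["hairpin"]:
            counts[(rec["src_if"], rec["src_ip"], rec["dst_ip"])] += 1
    return counts


if __name__ == "__main__":
    for (ifname, src, dst), n in sorted(hairpin_summary(SAMPLE_LOG).items()):
        print(f"{n}x same-interface deny on '{ifname}': {src} -> {dst}")
```

Denies that are not flagged (different source and destination interfaces) are ordinary cross-interface drops and still need to be checked against the access lists.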