<div>
Hi!<br />
<br />
try to add the following commands<br />
<br />
<i>same-security-traffic permit inter-interface<br />
same-security-traffic permit intra-interface<br />
</i><br />
the ASA would usually block traffic from interfaces with the same security level by default.<br />
<br />
Just a comment on the NAT. By default, if you do not configure NAT for 8.2 or higher codes, it will do NAT0, so unless you added a NAT statement which are hitting traffic from &quot;inside&quot; to &quot;voice&quot; interface, you dont really need to add NAT statements.
</div>


<div>
Thank you. <br />
Added NAT as shown above.<br />
Already had same-security-traffic lines.<br />
Still no luck. <br />
Trying to ping 172.22.35.19 from ASDM using ALL or INSIDE interface - 100% success. If I specify VOICE - no ping.<br />
Pinging 10.0.1.3 or 10.0.1.4 (computer behind the interface) on ALL or VOICE interface - fine, INSIDE - nothing.<br />
<br />
Attached is an updated config.<br />
<a href="https://filedb.experts-exchange.com/incoming/2015/12_w52/1058761/ASA5510-upload.txt" target="_blank" class="file-inline" title="ASA5510-upload.txt (4 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ASA5510-upload.txt</a>
</div>


ASA5510-upload.txt

<div>
Still no luck. Please help. I'm going crazy.<br />
It irritates me to no end that such simple task as routing between 2 internal interfaces takes so much effort!!!
</div>


<div>
OK. I just reset ASA to factory default and assigned IP addresses to ports. <br />
<br />
!<br />
interface Ethernet0/0<br />
&nbsp;nameif outside<br />
&nbsp;security-level 0<br />
&nbsp;ip address xxx.xxx.xxx.xxx 255.255.255.240 <br />
! &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br />
interface Ethernet0/1<br />
&nbsp;nameif inside<br />
&nbsp;security-level 100<br />
&nbsp;ip address 172.22.35.19 255.255.255.0 <br />
!<br />
interface Ethernet0/2<br />
&nbsp;nameif voice<br />
&nbsp;security-level 100<br />
&nbsp;ip address 10.0.1.3 255.255.255.0 <br />
<br />
Checked &quot;Enable traffic between two or more interfaces which are configured with same security levels&quot;<br />
Checked &quot;Enable traffic between two or more hosts connected to the same interface&quot;<br />
<br />
No ping between interfaces. I'm stuck.
</div>


<div>
By default icmp is not inspected traffic. ASA need to inspect icmp or ping will be dropped.<br />
<br />
policy-map global_policy<br />
&nbsp;class inspection_default<br />
&nbsp; inspect icmp<br />
&nbsp; exit<br />
&nbsp;exit<br />
<br />
<a href="http://mumblestiltskin.blogspot.rs/2012/03/enabling-icmp-on-cisco-asa-firewall.html" rel="ugc">GUI</a>
</div>


<div>
Added. No ping between INSIDE and VOICE.<br />
Attached is current config (all default except for interfaces and ICMP inspection)<br />
<a href="https://filedb.experts-exchange.com/incoming/2015/12_w52/1059950/ASA5510-upload.txt" target="_blank" class="file-inline" title="ASA5510-upload.txt (3 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ASA5510-upload.txt</a>
</div>


<div>
<blockquote>
Additional Guidelines<br />
<br />
&nbsp; &nbsp; - The ASA does not respond to ICMP echo requests directed to a broadcast address.<br />
&nbsp; &nbsp; - The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface.<br />
&nbsp; &nbsp; - If you cannot ping the ASA interface, make sure that you enable ICMP to the ASA for your IP address using the icmp command.
</blockquote>
Try to strictly permit icmp - <a href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/access_management.html#pgfId-1093364" rel="ugc">Cisco - ASA 9.0</a><br />
<br />
icmp { permit | deny } { host ip_address | ip_address mask | any } [ icmp_type ] interface_name<br />
icmp permit any inside
</div>


<div>
I added:<br />
icmp permit any inside <br />
icmp permit any voice<br />
<br />
No ping. I'm trying to ping 172.22.35.19 using VOICE (using ASDM Ping) - no ping. If I use INSIDE - works.<br />
When trying to ping 10.0.1.3 using INSIDE - no ping. If I use VOICE - works.<br />
<br />
I can ping OUTSIDE interface using both INSIDE and VOICE. I'm assuming that works because I added natting to it:<br />
object network inside<br />
&nbsp;subnet 172.22.35.0 255.255.255.0<br />
object network voice<br />
&nbsp;subnet 10.0.1.0 255.255.255.0<br />
object network NAT_voice-outside<br />
&nbsp;subnet 10.0.1.0 255.255.255.0<br />
object network NAT_inside-outside<br />
&nbsp;subnet 172.22.35.0 255.255.255.0<br />
object network outside<br />
&nbsp;subnet xxxxxxxxxxxxxx 255.255.255.240<br />
<br />
object network NAT_voice-outside<br />
&nbsp;nat (voice,outside) dynamic interface<br />
object network NAT_inside-outside<br />
&nbsp;nat (inside,outside) dynamic interface<br />
route outside 0.0.0.0 0.0.0.0 xxxxxxxxxxxxx 1 <br />
<br />
I tried to add NAT between INSIDE and VOICE - but ASA tells me that I can't add because it already exists? If it does, why doesn't it work?<br />
<br />
I'm stuck. It's been a week. I understand I'm newbie with ASA, but I'm getting quite discouraged. Please help.
</div>


<div>
Check the routing from your router to asa on both inside and voice zone...<br />
is there route present to reach to firewall<br />
even if it is directly connected try to give static route toward the firewall<br />
It is required for return traffic..<br />
You can try this.....
</div>


<div>
Apparently I can ping between the subnets, except for far interface IP address.<br />
<br />
Meaning from INSIDE I can ping everything on the INSIDE net, (including INSIDE interface IP) and everything OUTSIDE (excluding OUTSIDE interface IP).<br />
Same goes for VOICE - everything on VOICE and INSIDE, except INSIDE interface IP.<br />
<br />
And of course, those interface IP's are what I was trying to test ping all along.<br />
<br />
Thanks everyone involved.
</div>


<div>
<div class="content wysiwyg-content">
Used to have Cisco 1811 as my router and gateway, but had some issue with VPN tunnels, decided to use ASA 5510, 9.1(6), Security Plus lic instead.<br />
Have a network with eth0/0 (internet), eth 0/1 (data) and eth 0/2 (voice).<br />
<br />
Issue: I can ping both internal networks from ASA, but not between networks.<br />
<br />
interface Ethernet0/0<br />
&nbsp;nameif outside<br />
&nbsp;security-level 0<br />
&nbsp;ip address xxx.xxx.xxx.xxx 255.255.255.240 <br />
! &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br />
interface Ethernet0/1<br />
&nbsp;nameif inside<br />
&nbsp;security-level 100<br />
&nbsp;ip address 172.22.35.19 255.255.255.0 <br />
!<br />
interface Ethernet0/2<br />
&nbsp;nameif voice<br />
&nbsp;security-level 100<br />
&nbsp;ip address 10.0.1.3 255.255.255.0 <br />
<br />
Attached is my full config. I'm new to ASA (ok with IOS) and most help I find to resolve is for pre-8.3 ASA. <br />
Thank you!<br />
<a href="https://filedb.experts-exchange.com/incoming/2015/12_w52/1058504/ASA5510-upload.txt" target="_blank" class="file-inline" title="ASA5510-upload.txt (3 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ASA5510-upload.txt</a>
</div>
</div>


Used to have Cisco 1811 as my router and gateway, but had some issue with VPN tunnels, decided to use ASA 5510, 9.1(6), Security Plus lic instead.
Have a network with eth0/0 (internet), eth 0/1 (data) and eth 0/2 (voice).

Issue: I can ping both internal networks from ASA, but not between networks.

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.240 
!             
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.22.35.19 255.255.255.0 
!
interface Ethernet0/2
 nameif voice
 security-level 100
 ip address 10.0.1.3 255.255.255.0 

Attached is my full config. I'm new to ASA (ok with IOS) and most help I find to resolve is for pre-8.3 ASA. 
Thank you!

ASA 5510 - Routing issues between sub-intefaces

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Voice over IP (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms commonly associated with VoIP are IP telephony, Internet telephony, broadband telephony, and broadband phone service. The term specifically refers to the provisioning of communications services (voice, fax, SMS, voice-messaging) over the public Internet, rather than via the public switched telephone network (PSTN).  Examples of the VoIP protocols are H.323, Media Gateway Control Protocol (MGCP), Session Initiation Protocol (SIP), H.248 (also known as Media Gateway Control (Megaco)), Real-time Transport Protocol (RTP), Real-time Transport Control Protocol (RTCP), Secure Real-time Transport Protocol (SRTP), Session Description Protocol (SDP), and Inter-Asterisk eXchange (IAX).

Voice Over IP

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.