We are setting up an ASA5505 with security plus licensing to provide trunking to a catalyst 2950-12 switch. We got the trunking up and working, which passes two vlans, but we cannot get routing to work between the vlans. We have enabled same-security-traff permit inter and intra commands and still no worky.
I found that extended pings, sourcing from the data siv interface to the ip address on the voice svi don't work. I've also made certain that the security level of the two svi's are the same (100). Below are excerpts of the relevant configuration components. Point of comment to add is that there are no interfaces on the ASA in the two vlans other than the trunk port.
int vlan 10
des inside voice
ip address 10.1.1.1 255.255.255.0
int vlan 20
des inside data
ip address 10.2.1.1 255.255.255.0
switchport trunk allowed vlan 164-165
switchport mode trunk
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Pings from a device on the data vlan (10.2.1.2) on the 2950 switch can ping the data vlan gateway address (asa data svi ip 10.2.1.1), and likewise a device on the voice vlan (10.1.1.2) can ping the voice gateway address (asa svi ip 10.1.1.1)
I've already read this document, to no avail: