Greetings, i have an ASA 5510 with three interfaces configured.
One is the outside interface, one is dediacted to voice traffic and one is dedicated to data traffic.
On the data network i have my laptop and on the voice network i have a CME system with unity express module installed.
The voice network sits on 172.22.25.0 /24
The data network sits on 172.23.24.0 /24
The unity express module on the cme system has a loopback address of 10.10.10.0 /30
Now i have no issues getting to the cme system on 172.22.25.0 /24 but cant get to 10.10.10.1 via the firewall.
I have tried identity statements and have a static route on the asa pointing to 10.10.10.0 /30 via the cme router to no effect, could someone recommend how i could get from the data network to the cue module on the voice network via the firewall.
Thanks for posting config, I do apologize , same-security-traffic permit intra-interface for a moment I had thought pictured in my mind 10.10.10.0 was coming from same access interface, so this command applies for voice source hosts under 10.10.10.0 accessing destinations on 172.22.25.0 net but it can be left as you will eventually need for above scenario:
access-list exempt_nat0_outbound extended permit ip 10.10.10.0 255.255.255.252 172.22.25.0 255.255.255.0
portmap translation creation failed for icmp src access:172.23.25.212 dst voice:10.10.10.1 (type 8, code 0)
As for translation fail message above add this to exempt nat acl and try again reaching 10.10.10.1 from 172.23.25.0
access-list exempt_nat0_outbound extended permit ip 10.10.10.0 255.255.255.252 172.23.24.0 255.255.255.0
PLS let us know how works out to fruther assist.