Probably just something I am overlooking, but how do I allow return traffic from a lower security level interface to a higher one? My setup has E0/1 as the inside interface, then E0/2 is sub-interfaced with 3 VLANs, all at different security settings: 2 at 50, 1 at 25. I set up nat (inside) 2 with an access list to NAT the inside network to anything to the 10.0.0.0 network, which goes out interface E0/2.2, a global (voice) 2 interface, using the IP of the voice E0/2.2 interface for PAT. I see translations, I see the router respond when I ping, but I don't see return traffic; obviously the ASA is dropping them. I verified this by setting security to 100 on the E0/2.2 interface, and I can hit everything I need to. How can I do this with a lower security level and ACLs?
Could you do a quick schematic of your topology?
What is the default gateway of clients on VLAN 47 - is it the ASA subinterface?
Before any of that, could you change -
access-list Nat2Voip extended permit ip 10.10.48.0 255.255.252.0 10.0.0.0 255.0.0.0
access-list Nat2Voip extended permit ip 10.10.48.0 255.255.252.0 10.15.124.0 255.255.255.0