ASA bridge group problem

toda.wang
Level 1
Environment: the ASA is the egress gateway, with two downstream interfaces connected to two switches.
These two interfaces are bound into one bridge group, with a BVI set as the gateway address.
Problem: pinging from one port in the bridge group to the switch connected to the other interface works.
But from one interface, an AVAYA phone, to the other interface, an AVAYA IPO (similar to a PBX), the phone connects the call but there is no audio; the switch the AVAYA is connected to can ping the IPO.
The configuration is as follows:
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet1/2
bridge-group 1
nameif inside1
security-level 100
!
interface GigabitEthernet1/3
bridge-group 1
nameif inside2
security-level 100
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 10.168.48.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside1
subnet 10.168.48.0 255.255.255.0
object network inside2
subnet 10.168.48.0 255.255.255.0
object-group network vpnsrc
network-object 10.168.48.0 255.255.255.0
object-group network vpndest
network-object 10.0.0.0 255.0.0.0
access-list inside2outside extended permit ip any any
access-list vpnlist extended permit ip object-group vpnsrc object-group vpndest
pager lines 24
logging enable
logging buffer-size 102400
logging buffered informational
logging asdm informational
mtu outside 1500
mtu inside1 1500
mtu inside2 1500
no failover
no monitor-interface inside
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside1,outside) source static vpnsrc vpnsrc destination static vpndest vpndest route-lookup
nat (inside2,outside) source static vpnsrc vpnsrc destination static vpndest vpndest route-lookup
!
object network inside1
nat (inside1,outside) dynamic interface
object network inside2
nat (inside2,outside) dynamic interface
access-group inside2outside in interface inside1
access-group inside2outside in interface inside2
access-group inside2outside in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 10.0.0.0 255.0.0.0 inside1
http 10.0.0.0 255.0.0.0 inside2
snmp-server host inside 192.168.1.40 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps syslog
snmp-server enable traps memory-threshold
snmp-server enable traps cpu threshold rising
service sw-reset-button
crypto ipsec ikev1 transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map vpnmap 10 match address vpnlist
crypto map vpnmap 10 set peer x.x.x.x
crypto map vpnmap 10 set ikev1 transform-set vpnset
crypto map vpnmap interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 10.0.0.0 255.0.0.0 inside1
ssh 10.0.0.0 255.0.0.0 inside2
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 10.167.16.3 10.168.0.68
dhcpd lease 43200
dhcpd auto_config outside
!
dhcpd address 10.168.48.31-10.168.48.250 inside
dhcpd wins 10.168.0.7 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username root password $sha512$5000$qtyMXRmCD8n3UOqeq0oHwA==$BV9gLCOhag0Ma67ndkY0bw== pbkdf2 privilege 15
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
Cryptochecksum:aa8a6720199ccdc7b4f77260e09a5123
: end
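Added example, not the poster's code or anything from Cisco: in the symptom above, ping succeeds but calls set up with no audio, which points at the voice signalling/media path rather than basic reachability. The posted global_policy applies h323, sip and skinny inspection on every interface, including both members of bridge-group 1, so the script below parses a constructed excerpt of that config and reports, per bridge group, the voice inspections acting on traffic between its member interfaces, a first thing to check when troubleshooting (it is a parsing aid, not a verdict on the root cause).

```python
import re
# Constructed excerpt of the posted ASA config (added example, not the poster's code).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside1
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside2
!
policy-map global_policy
 class inspection_default
  inspect h323 h225
  inspect sip
  inspect skinny
!
service-policy global_policy global
"""
VOICE_PROTOCOLS = {"h323", "sip", "skinny"}

def bridge_group_members(config):
    """Map bridge-group number -> nameif values of its member interfaces."""
    groups, bg, nameif = {}, None, None
    for line in config.splitlines() + ["!"]:  # trailing "!" flushes the last block
        s = line.strip()
        if s.startswith("interface ") or s == "!":  # block boundary: record member
            if bg is not None and nameif:
                groups.setdefault(bg, []).append(nameif)
            bg, nameif = None, None
        elif s.startswith("bridge-group "):
            bg = int(s.split()[1])
        elif s.startswith("nameif "):
            nameif = s.split()[1]
    return groups

def global_voice_inspections(config):
    """Voice-protocol inspections enabled in the policy-map applied globally."""
    m = re.search(r"^service-policy (\S+) global$", config, re.M)
    body = m and re.search(r"^policy-map %s\n(.*?)^!" % re.escape(m.group(1)),
                           config, re.M | re.S)
    if not body:
        return set()
    inspected = re.findall(r"^[ \t]*inspect (\S+)", body.group(1), re.M)
    return set(inspected) & VOICE_PROTOCOLS

def bridged_voice_inspections(config):
    """Per bridge group with 2+ members: (members, voice inspections on traffic between them)."""
    insp = sorted(global_voice_inspections(config))
    return {bg: (m, insp) for bg, m in bridge_group_members(config).items() if len(m) > 1}
```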