I am configuring a brand new ASA, but the firewall refuses to communicate on my inside interface.
Regardless of the traffic type, it is denied by the implicit deny every time. I would appreciate some feedback/suggestions on how to troubleshoot this.
Here is the setup/configuration:
Router | 10.0.4.253 vlan 300| -------- ASA | 10.0.4.254 vlan 300|
ASA interface configuration and ACLs:
interface GigabitEthernet1/2
no nameif
security-level 100
no ip address
interface GigabitEthernet1/2.2
vlan 300
nameif inside
security-level 100
ip address 10.0.4.254 255.255.255.252
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
# packet-tracer input inside icmp 10.0.4.254 8 0 10.0.4.253 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 10.0.4.253 using egress ifc inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f1a5004b610, priority=501, domain=permit, deny=true
hits=5, user_data=0x7, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=10.0.4.254, mask=255.255.255.255, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
I do not understand why this is dropped immediately? I have a tcpdump listener in the middle, and the interface sends 0 packets, no ARP, nothing.
When my router tries to ping, I see the ARP request on the listener with no reply:
10:16:17.018288 ARP, Request who-has 10.0.4.254 tell 10.0.4.253, length 46
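An added example, not part of the original post: a small Python parser for packet-tracer output in the format shown above, which splits the trace into phases, pulls the key=value fields of the rule that matched in the dropping phase, and reports the ASA's drop reason. The embedded sample trace is constructed from the essential lines of the post's output; the function and field names are my own.

```python
import re
# Constructed sample: the essential lines of the packet-tracer output quoted in the post.
SAMPLE_TRACE = """\
Phase: 1
Result: ALLOW
Phase: 2
Type: ACCESS-LIST
Result: DROP
Implicit Rule
in id=0x7f1a5004b610, priority=501, domain=permit, deny=true
src ip/id=10.0.4.254, mask=255.255.255.255, port=0, tag=any
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
RULE_KV = re.compile(r"([\w/]+(?: [\w/]+)?)=([^,]+)")  # "in id=0x..", "ip/id=10..."

def parse_phases(trace):
    """Split packet-tracer output into per-phase dicts plus the trailing summary block."""
    phases, summary, current = [], {}, None
    for line in (l.strip() for l in trace.splitlines()):
        m = re.match(r"Phase:\s*(\d+)$", line)
        key, sep, value = line.partition(":")
        if m:
            current = {"phase": int(m.group(1)), "detail": []}
            phases.append(current)
        elif line == "Result:":          # a bare "Result:" opens the final summary block
            current = None
        elif current is None and sep:    # summary lines: Action, Drop-reason, ...
            summary[key] = value.strip()
        elif sep and key in ("Type", "Subtype", "Result", "Config"):
            current[key.lower()] = value.strip()
        elif current is not None:
            current["detail"].append(line)  # rule dump and other free-text lines
    return phases, summary

def matched_rule(phase):
    """Flatten a phase's key=value rule lines; src/dst lines get prefixed keys."""
    rule = {}
    for line in phase["detail"]:
        prefix = line[:4] if line.startswith(("src ", "dst ")) else ""
        for key, value in RULE_KV.findall(line[len(prefix):]):
            rule[prefix + key] = value.strip()
    return rule

def explain_drop(trace):
    """Return the first dropping phase, the rule it matched and the ASA's drop reason."""
    phases, summary = parse_phases(trace)
    drop = next((p for p in phases if p.get("result") == "DROP"), None)
    return None if drop is None else {"phase": drop["phase"], "type": drop.get("type"),
        "implicit": "Implicit Rule" in drop["detail"], "rule": matched_rule(drop),
        "reason": summary.get("Drop-reason")}
```

Running `explain_drop` on the sample reports phase 2 (ACCESS-LIST) with an implicit rule, deny=true and source 10.0.4.254, which is the same information a reader has to dig out of the raw trace by hand.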