asa区域不通

我的123456

第一次玩ASA 请帮忙看下为什么我从inside区域pingECN RCT 都不通，不是说从高往低能直接通的吗，如果想实现从RMT访问oob该怎么做ASA Version 9.2(2)4
!
hostname A2-SEC-FW-1-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
nameif ECN
security-level 70
ip address 10.129.1.145 255.255.255.248 standby 10.129.1.146
!
interface GigabitEthernet0/1
nameif RMT
security-level 70
ip address 10.129.1.153 255.255.255.248 standby 10.129.1.154
!
interface GigabitEthernet0/2
nameif OOB
security-level 90
ip address 10.129.1.161 255.255.255.248 standby 10.129.1.162
!            
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
description LAN/STATE Failover Interface
!
interface GigabitEthernet0/7
nameif inside
security-level 100
ip address 10.129.1.129 255.255.255.248 standby 10.129.1.130
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa922-4-smp-k8.bin
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
mtu ECN 1500
mtu RMT 1500
mtu OOB 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/6
failover link folink GigabitEthernet0/6
failover interface ip folink 10.129.1.83 255.255.255.192 standby 10.129.1.84
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
route inside 10.129.0.0 255.255.255.0 10.129.1.133 1
route ECN 10.129.1.0 255.255.255.240 10.129.1.149 1
route RMT 10.129.1.16 255.255.255.240 10.129.1.157 1
route OOB 10.129.3.0 255.255.255.0 10.129.1.164 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f7de851cf65c57fc60ef6a0c9d870f61
: end

zyb1984

DEFAULT 不同区域好像是无法PING通的