ASA5520 Static NAT problem

Steve Coady
Level 1

Hello

 

I am getting the following error when I try to implement a statement that was removed.

 

ERROR: access-list used in static has different local addresses.

 

We were migrating to a new ASA. We shut the interfaces on the old ASA down (admin down).

 

A static statement was missing when we had to revert back to old ASA.

 

Please advise on what to do to resolve this.

sMc
Jouni Forss
VIP Alumni

Hi,

 

Not sure if I have ever encountered this problem.

 

On first glance it would almost seem like you were using the wrong ACL (or configured in a way that's not supported for this NAT) for the "static" command you are trying to insert?

 

Could you share the full "static" command you are trying to enter and also the configuration of the "access-list" that you are using in that "static" command?

 

The ERROR message specifies that there are "different local addresses". Perhaps this indicates a situation where you have several different source addresses (on several ACL lines) specified in the "access-list" when you are actually trying to translate one host's local IP address to one mapped/NAT IP address.

 

Hope this helps :)

 

- Jouni

Jouni

 

Thank you for the response.

 

It's a strange problem indeed. The statement causing the issue is:

           static (inside,outside) 170.x.x.94  access-list MYPROD_PNAT

 

This statement has been in ASA for some time and worked well.

Recently there were some new ACL statements referencing this same ACL. All worked well "Until" we had to reboot the ASA. After reboot, that particular static was missing.

 

We had to remove the newest ACL statements, apply the static and then re-enter the new statements for the workaround.

 

sMc
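
A pre-reload check for the condition suggested in the accepted answer (lines with different source addresses in an ACL that a policy "static" references), as an added example that is not part of the original thread. The sample configuration and all addresses in it are constructed, the parser assumes pre-8.3 extended ACL lines with a literal protocol and `host`/`any`/address-mask sources (no object-groups), and that this condition is what triggers the error is the thread's hypothesis.

```python
import re
from collections import defaultdict

# Constructed sample configuration (documentation address ranges only).
SAMPLE_CONFIG = """\
access-list MYPROD_PNAT extended permit ip host 10.1.1.5 host 198.51.100.7
access-list MYPROD_PNAT extended permit ip host 10.1.1.5 192.0.2.0 255.255.255.0
access-list MYPROD_PNAT extended permit ip host 10.1.1.9 host 198.51.100.8
access-list OTHER_PNAT extended permit tcp host 10.1.2.5 any eq 443
static (inside,outside) 203.0.113.94 access-list MYPROD_PNAT
static (inside,outside) 203.0.113.95 access-list OTHER_PNAT
"""

# access-list NAME extended permit|deny PROTOCOL <source> <destination> ...
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(?:permit|deny)\s+\S+\s+(.*)$")
# static (real_if,mapped_if) ... access-list NAME
STATIC_RE = re.compile(r"^static\s+\(\S+\)\s+.*\baccess-list\s+(\S+)")


def take_address(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from a token list."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1] + " 255.255.255.255", tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]


def mixed_local_addresses(config):
    """Return {acl: sorted sources} for ACLs referenced by a policy 'static'
    whose lines do not all share the same source (local) address."""
    sources = defaultdict(set)
    used_by_static = set()
    for line in config.splitlines():
        line = line.strip()
        ace = ACE_RE.match(line)
        if ace:
            src, _rest = take_address(ace.group(2).split())
            sources[ace.group(1)].add(src)
            continue
        static = STATIC_RE.match(line)
        if static:
            used_by_static.add(static.group(1))
    return {n: sorted(sources[n]) for n in sorted(used_by_static) if len(sources[n]) > 1}


if __name__ == "__main__":
    for name, srcs in mixed_local_addresses(SAMPLE_CONFIG).items():
        print(f"{name}: {len(srcs)} different local addresses: {', '.join(srcs)}")
```

Running it against a saved configuration before a reload shows which ACLs would need their newer lines moved to a separate ACL so the "static" can be re-applied at boot.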