05-14-2020 10:21 AM
Does anyone know why I'm getting this error and how to fix it:
ERROR: access-list used in static has different local addresses
I didn't find anything helpful when I Googled it.
It happened when I was trying to translate some addresses (that is the remote end of a site-to-site VPN tunnel) and trying to translate that and then use the new translated IP as a source network for a Phase 2 access-list for a different site-to-site VPN tunnel.
Thank you in advance!
Paula
05-14-2020 12:16 PM
Share your configuration and a detailed scenario of what you are looking for, in order to help you with this issue.
05-14-2020 12:26 PM
Thank you Sheraz for the quick reply.
See below:
static (inside,outside) 192.168.201.26 access-list l2l-vpn
Access-list l2l-vpn extended permit ip 172.x.0.0 255.255.0.0 host x.x.x.x
Access-list l2l-vpn extended permit ip 172.x.0.0 255.255.0.0 host x.x.x.x
sc-asa-01(config)# static (inside,outside) 192.168.x.x access-list l2l-vpn
When pasting the above static line, I immediately get the following error:
ERROR: access-list used in static has different local addresses
Thank you!
05-14-2020 02:15 PM
It could be that you are using the wrong ACL, which is configured in a way that is not supported for this NAT. The ERROR message specifies that there are "different local addresses". Perhaps this indicates a situation where you have several different source addresses (on several ACL lines) specified in the "access-list" when you are actually trying to translate one host's local IP address to one mapped/NAT IP address. A very similar discussion can be found here on the Cisco community.
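A way to check a pasted configuration for the condition the reply above suggests (ACEs under one ACL name that do not all share the same source address), as an added example that is not part of the original thread. It encodes that reply's hypothesis rather than documented ASA behaviour; the ACL names and addresses in the sample are constructed.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): one ACL with a single
# source network, and one ACL that mixes two different source addresses.
SAMPLE = """\
access-list l2l-ok extended permit ip 172.16.0.0 255.255.0.0 host 203.0.113.10
access-list l2l-ok extended permit ip 172.16.0.0 255.255.0.0 host 203.0.113.20
access-list l2l-mixed extended permit ip 172.16.0.0 255.255.0.0 host 203.0.113.10
access-list l2l-mixed extended permit ip host 172.17.5.9 host 203.0.113.20
"""

# name, action, protocol, then the remainder starting at the source address
ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+\S+\s+(.*)$", re.I)

def take_address(tokens):
    """Consume one address spec (any | host A | A MASK) and return a network."""
    head = tokens.pop(0).lower()
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def local_addresses(config):
    """Map ACL name -> set of source (local) networks seen in its ACEs."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue
        name, _action, rest = m.groups()
        try:
            src = take_address(rest.split())
        except (ValueError, IndexError):
            continue  # object-groups, redacted or malformed addresses are skipped
        acls.setdefault(name, set()).add(src)
    return acls

def mixed_source_acls(config):
    """Names of ACLs whose ACEs do not all share one source network."""
    return sorted(n for n, srcs in local_addresses(config).items() if len(srcs) > 1)

if __name__ == "__main__":
    for name in mixed_source_acls(SAMPLE):
        print(f"{name}: more than one local (source) address")
```

Lines with redacted addresses such as `172.x.0.0` cannot be parsed and are skipped, so the check needs the unredacted configuration to say anything about a given ACL.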