05-14-2020 10:21 AM
Does anyone know why I'm getting this error and how to fix it:
ERROR: access-list used in static has different local addresses
I didn't find anything helpful when I Googled it.
It happened when I was trying to translate some addresses (that is the remote end of a site-to-site vpn tunnel) and trying to translate that and then use the new translated IP as a source network for a Phase 2 access-list for a different site-to-site vpn tunnel.
Thank you in advance!
Paula
05-14-2020 12:16 PM
Share your configuration and a detailed scenario of what you are looking for, so that we can help you with this issue.
05-14-2020 12:26 PM
Thank you Sheraz for the quick reply.
See below:
static (inside,outside) 192.168.201.26 access-list l2l-vpn
Access-list l2l-vpn extended permit ip 172.x.0.0 255.255.0.0 host x.x.x.x
Access-list l2l-vpn extended permit ip 172.x.0.0 255.255.0.0 host x.x.x.x
sc-asa-01(config)# static (inside,outside) 192.168.x.x access-list l2l-vpn
When pasting the above static line, I immediately get the following error:
ERROR: access-list used in static has different local addresses
Thank you!
05-14-2020 02:15 PM
It could be that you are using the wrong ACL, which is configured in a way that is not supported for this NAT. The ERROR message specifies that there are "different local addresses". Perhaps this indicates a situation where you have several different source addresses (on several ACL lines) specified in the "access-list" when you are actually trying to translate one host's local IP address to one mapped/NAT IP address. Here is a very similar discussion found on the Cisco community.