07-24-2007 10:57 AM - edited 03-11-2019 03:48 AM
Hello. First time to the forum.
We are trying to get a NAT translation into our ASA/PIX 5520 for a L2L VPN connection.
Every time I try to enter the static (inside, outside) command, I get this error:
ERROR: access-list used in static has different local addresses
All of our current NAT translations go to our Internet IPs. This one, however, is for an internal translation to go down the VPN tunnel.
Can someone tell me what this error is?
Thanks in advance. - Mark
07-24-2007 11:31 AM
We need to see the full command you're trying to enter with the static command, and the access-list that goes with it. Any other nat/static statements involving these addresses would be helpful too.
07-24-2007 11:44 AM
OK. Here is what I was trying:
static (inside,outside) 10.251.84.68 access-list Fxxx
access-list Fxxx extended permit ip host 172.25.20.12 128.x.x.x 255.255.255.0
access-list Fxxx extended permit ip host 10.64.12.71 128.x.x.x 255.255.255.0
access-list Fxxx extended permit ip host 10.64.12.72 128.x.x.x 255.255.255.0
Neither the 128.x.x.x nor the 10.251. addresses are referenced in my no-nat acl.
Thanks.
07-24-2007 11:59 AM
You can't use the static command. You have too many source addresses.
Try the following:
nat (inside) 1 access-list Fxxx
global (outside) 1 10.251.84.68
This might not have the desired effect though, if connections are initiated from the other side of the tunnel.
You really need more than just the one 10.251.84.68 address for NAT'ing these addresses across the tunnel.
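The following is an added example, not part of the original thread: one way to lay out the last reply's point that more than one mapped address is needed, using a separate policy static per local host. The ACL names Fxxx_1 to Fxxx_3 and the mapped addresses 10.251.84.69 and 10.251.84.70 are constructed for illustration; 128.x.x.x stays elided as in the post.

```cisco
! Added example. ACL names Fxxx_1..3 and mapped addresses .69/.70 are constructed.
!
! Form rejected in the thread: one ACL listing three different local hosts
!   static (inside,outside) 10.251.84.68 access-list Fxxx
!   ERROR: access-list used in static has different local addresses
!
! One ACL per local host, so each static sees a single local address
access-list Fxxx_1 extended permit ip host 172.25.20.12 128.x.x.x 255.255.255.0
access-list Fxxx_2 extended permit ip host 10.64.12.71 128.x.x.x 255.255.255.0
access-list Fxxx_3 extended permit ip host 10.64.12.72 128.x.x.x 255.255.255.0
!
! One mapped address per local host; a static translates in both directions,
! so connections initiated from the far side of the tunnel also match
static (inside,outside) 10.251.84.68 access-list Fxxx_1
static (inside,outside) 10.251.84.69 access-list Fxxx_2
static (inside,outside) 10.251.84.70 access-list Fxxx_3
```

Because the translation is applied before the tunnel match, the crypto map access-list for the L2L peer has to reference the mapped 10.251.84.x addresses rather than the real inside hosts.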