I've done this in the past for specific host entries with no problem, but I can't figure out how to do this for an entire subnet. I need something along the lines of the following:
access-list OKC2DAL extended permit ip 192.168.1.0 255.255.255.0 192.168.107.0 255.255.255.0
static (inside,outside) 192.168.99.0 access-list OKC2DAL netmask 255.255.255.0
I see netmask as an option, but the ASA states "invalid option netmask." The ASA is running 8.2(2).
=====
OKC-PIX(config)# static (inside,outside) 192.168.99.0 access-l OKC2DAL ?
configure mode commands/options:
<0-65535> The maximum number of simultaneous tcp connections the local IP
hosts are to allow, default is 0 which means unlimited
connections. Idle connections are closed after the time
specified by the timeout conn command
dns Use the created xlate to rewrite DNS address record
netmask Configure Netmask to apply to IP addresses
norandomseq Disable TCP sequence number randomization
tcp Configure TCP specific parameters
udp Configure UDP specific parameters
<cr>
OKC-PIX(config)# $.168.99.0 access-l OKC2DAL netmask ?
configure mode commands/options:
A.B.C.D Netmask to apply to IP addresses
BurnsOKC-PIX(config)# static (inside,outside) 192.168.99.0 access-l OKC2DAL netmask 255.255.255.0
invalid option netmask
Usage: [no] static [(real_ifc, mapped_ifc)]
{<mapped_ip>|interface}
{<real_ip> [netmask <mask>]} | {access-list <acl_name>}
[dns]
[[tcp] <max_conns> [<emb_lim> [<norandomseq> [nailed]]]]
[udp <max_conns>]
[no] static [(real_ifc, mapped_ifc)] {tcp|udp}
{<mapped_ip>|interface} <mapped_port>
{<real_ip> <real_port> [netmask <mask>]} |
{access-list <acl_name>}
[dns]
[[tcp] <max_conns> [<emb_lim> [<norandomseq> [nailed]]]]
[udp <max_conns>]
show running-config [all] static [<mapped_ip>]
clear configure static
=====
Thanks for your assistance.
