07-24-2015 10:50 AM - edited 03-11-2019 11:19 PM
Hi Guys,
I have a port that's open. I don't need this port open anymore. How can I remove it from the ASA 5510 version 8.4? Any help would be greatly appreciated.
object network mail
host 10.1.1.80
object network mail
nat (inside,outside) static 1.1.1.1
access-list acl-outside extended permit tcp any host 10.1.1.80 eq smtp
access-list acl-outside extended permit tcp any host 10.1.1.80 eq https
Thanks,
Lake
07-24-2015 12:41 PM
From your ASA enable mode login ("#"), switch to configure mode as follows:
# conf t
(config)#
Then enter the following:
no nat (inside,outside) static 1.1.1.1
no object network mail
no access-list acl-outside extended permit tcp any host 10.1.1.80 eq smtp
no access-list acl-outside extended permit tcp any host 10.1.1.80 eq https
end
wr mem
07-27-2015 10:33 AM
Thank you very much.
Regards,
Lake
07-29-2015 12:31 PM
When I try to delete this object group I get this error. Any ideas?
no object network obj-2.2.2.2
ERROR: unable to delete object (obj-2.2.2.2). object is being used.
Thanks,
Lake
07-29-2015 12:39 PM
If the object is used in any object-groups, NAT statements or access-lists then those entries need to be deleted first.
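The dependency order described in the reply above, as an added example that is not part of the original thread: a short Python script that scans a saved running-config for twice-NAT rules, access-list entries and object-group members that reference a network object, and prints the "no" commands in the order the ASA will accept them. The sample config, the group name MAIL-SERVERS and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread's device).
SAMPLE_CONFIG = """\
object network obj-2.2.2.2
 host 2.2.2.2
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object-group network MAIL-SERVERS
 network-object object obj-2.2.2.2
 network-object host 10.1.1.80
access-list acl-outside extended permit tcp any object obj-2.2.2.2 eq smtp
access-list acl-outside extended permit tcp any host 10.1.1.80 eq https
nat (inside,any) source static obj-2.2.2.2 obj-2.2.2.2 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-2.2.2.22 obj-2.2.2.22
"""

def removal_commands(config_text, obj_name):
    """Return the 'no' commands that free obj_name, ending with its own deletion."""
    # Match the name as a whole token so obj-2.2.2.2 does not hit obj-2.2.2.22.
    token = re.compile(r"(?<!\S)" + re.escape(obj_name) + r"(?!\S)")
    commands, parent = [], None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            parent = line  # top-level line; sub-mode children are indented
        if not token.search(line):
            continue
        if line.startswith(("nat ", "access-list ")):
            # Global-mode statements are removed by prefixing "no".
            commands.append("no " + line)
        elif line.startswith(" ") and parent and parent.startswith("object-group "):
            commands.append(parent)                 # enter the group first
            commands.append(" no " + line.strip())  # then drop the member
    # Only after every reference is gone can the object itself be deleted.
    commands.append("no object network " + obj_name)
    return commands

if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE_CONFIG, "obj-2.2.2.2")))
```

Review the generated list against "show run" output before pasting it into configure mode, since each removed NAT or access-list line changes what traffic the firewall permits.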
07-30-2015 07:49 AM
Can you please tell me how to remove these statements?
Thanks,
Lake
no nat (inside,any) source static obj-2.2.2.2 obj-2.2.2.2 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
no nat (dmz,outside) source static obj-2.2.2. obj-2.2.2.2 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
no nat (dmz,dmz) source static obj-2.2.2.2 obj-2.2.2.2 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
07-30-2015 09:45 AM
Lake,
The "no" at the beginning of those lines is already what you need for their removal.
Per the command reference:
To configure twice NAT for IPv4, IPv6, or between IPv4 and IPv6 (NAT64), use the nat command in global configuration mode. To remove the twice NAT configuration, use the no form of this command.
For static NAT:
nat [(real_ifc,mapped_ifc)] [line | {after-auto [line]}] source static {real_obj | any} {mapped_obj | interface [ipv6] | any}} [destination static {mapped_obj | interface [ipv6]} {real_obj | any}] [service {real_src_mapped_dest_svc_obj | any} mapped_src_real_dest_svc_obj] [net-to-net] [dns] [unidirectional | [no-proxy-arp] [route-lookup]] [inactive] [description desc]
no nat [(real_ifc,mapped_ifc)] [line | {after-auto [line]}] source static {real_obj | any} {mapped_obj | interface [ipv6] | any}} [destination static {mapped_obj | interface [ipv6]} {real_obj | any}] [service {real_src_mapped_dest_svc_obj | any} mapped_src_real_dest_svc_obj] [net-to-net] [dns] [unidirectional | [no-proxy-arp] [route-lookup]] [inactive] [description desc]