Solved: Removing Network Objects

bellis1 · ‎09-23-2015

I'm trying to remove multiple network objects in an ASA running 9.1(3), but first I have to remove the NAT relationships connected to them. When removing the NAT rules, I am still not able to remove the object itself.

To enter config mode for the object, I entered:

(config)# 'object network obj_FirstLastPC'

To remove the nat relationship tied to that object, I entered:

(config-network-object)# 'no nat (inside,outside) static w.x.y.z'

However, I am still not able to delete the object group. This is the error I receive:

(config-network-object)# 'no object network obj_FirstLastPC'

ERROR: 'unable to delete object (obj_FirstLastPC). Object is being used.'

Any pointers or advise as to where to go next?

EDIT: Thanks to the below responses, this problem is solved. For anyone having future problems similar to this one, these are the steps I performed to fix the problem:

object-group network ObjectGroupName

no network-object object obj_FirstLastPC

exit

Object network obj_FirstLastPC

no nat (inside,outside) static w.x.y.z

no object network obj_FirstLastPC

Rishabh Seth · ‎09-23-2015

Yes, if you have an object part of an object-group then you will not be able to delete the object until you remove it from object group.

Hope it helps!!!

Thanks,

R.Seth

Dont forget to mark the answer as correct if it helps in resolving your query!!!

View solution in original post

Rishabh Seth · ‎09-23-2015

Hi,

First navigate to the object network obj_FirstLastPC hierarchy and then enter command no nat (inside,outside) source static w.x.y.z.

Hope it helps!!!

Thanks,

R.Seth

Dont forget to mark the answer as correct if it helps in resolving your query!!!

bellis1 · ‎09-23-2015

Seth,

I appreciate the message but unfortunately this does not do the trick. If you'll re-read the original post (I likely edited after you read it the first time), then you'll see that the above method is what I tried.

Rishabh Seth · ‎09-23-2015

Hi,

I see that you edited your original post. I think the object is used in some other configuration as well. It can be an acl where you have used it.

You can try show run | i obj_FirstLastPC

And of you see it used in your configuration then try deleting that configuration first and then remove the object definition.

Hope it helps!!!

Thanks,

R.Seth

Dont forget to mark the answer as correct if it helps in resolving your query!!!

bellis1 · ‎09-23-2015

This is the result I get:

(config)# 'sho run | i obj_FirstLastPC'

'object network obj_FirstLastPC

network-object object obj_FirstLastPC'

Also, the object itself is inside of a larger object-group called 'StaticPeople'. Would that have anything to do with my problem?

Rishabh Seth · ‎09-23-2015

Yes, if you have an object part of an object-group then you will not be able to delete the object until you remove it from object group.

Hope it helps!!!

Thanks,

R.Seth

Dont forget to mark the answer as correct if it helps in resolving your query!!!

svender01 · ‎07-03-2019

You may have to remove the acl that is applied to that object-group - then you can remove the object-group