Народ, добрый день! Помогите пожалуйста!

Было отключение электричества, после включения ASA 5520 перестала выпускать во внешнюю сеть, локалка работает.
Конфиг был сохранен, до этого на протяжении пяти лет ребуталась она и не раз и конфиг оставался тот же и всё работало.
Сейчас пингую внешние хосты прям с маршрутизатора и он ничего не пингует, соответственно на всех компьютерах в локальной сети нет интернета ((

Gi0/0 - внешняя сеть, сюда прилетает интернет
Gi0/1 - локальная сеть, работает в 13 влане, улетает интернет на компьютеры в локальной сети

Конфиг:

ciscoasa# sh run
: Saved
:
ASA Version 8.4(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.139.178.10 255.255.255.128
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1.13
vlan 13
nameif int13
security-level 100
ip address 192.168.8.1 255.255.252.0
!
interface GigabitEthernet0/1.15
vlan 15
nameif test
security-level 0
ip address 192.168.20.1 255.255.255.192
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
dns domain-lookup outside
dns server-group DNS_MMMS
name-server 10.133.1.32
name-server 10.133.1.33
dns server-group DNS_asvt
name-server 212.46.0.3
name-server 212.46.1.2
object network LAN
subnet 192.168.8.0 255.255.252.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu int13 1500
mtu test 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network LAN
nat (int13,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 10.139.178.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 10.133.1.32
!
dhcpd address 192.168.11.50-192.168.11.99 int13
dhcpd enable int13
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:52f2775cfb0967a84a6c415fe1196b8f
: end

заодно обновитесь - по ARP АСА видит мак адрес шлюза - ?

какой статус interface GigabitEthernet0/0 -? может он не поднялся вовсе

Интерфейс поднят:

ciscoasa# sh int ip br
Interface IP-Address OK? Method Status Prot ocol
GigabitEthernet0/0 10.139.178.10 YES CONFIG up up
GigabitEthernet0/1 192.168.1.1 YES CONFIG up up
GigabitEthernet0/1.13 192.168.8.1 YES CONFIG up up
GigabitEthernet0/1.15 192.168.20.1 YES CONFIG up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
Management0/0 unassigned YES unset down down


Мак видит:

ciscoasa# SH arp
outside 10.139.178.122 d894.03ab.8633 745
outside 10.139.178.125 d894.03ab.848f 745
outside 10.139.178.124 40b9.3c0f.4a74 746
outside 10.139.178.123 d894.03ab.84e9 747
outside 10.139.178.1 e8f7.24e6.4f17 861
int13 192.168.8.198 54be.f750.8f61 2
int13 192.168.8.193 e03f.49b3.2d3d 2
int13 192.168.8.247 0012.16f2.f043 2
int13 192.168.8.195 54be.f735.272b 2
int13 192.168.9.137 e03f.49b3.3cdd 3
int13 192.168.8.152 e03f.49b3.3cb0 4
int13 192.168.9.139 e03f.49b3.2d37 4
...........

Помогите пожалуйста!

Сбросил к заводским, вроде всё прописал, может что забыл? Помогите!


ciscoasa# sh run
: Saved
:
ASA Version 8.4(5)
!
hostname ciscoasa
domain-name asanet
enable password UwiM/pkFcM.xYc8s encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.139.178.10 255.255.255.128
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1.13
vlan 13
nameif int13
security-level 100
ip address 192.168.8.1 255.255.252.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 0
ip address 192.168.0.1 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns server-group DNS_MG
name-server 10.133.1.32
dns server-group DefaultDNS
domain-name asanet
object network LAN
subnet 192.168.8.0 255.255.252.0
pager lines 24
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu int13 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network LAN
nat (int13,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 10.139.178.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/odd ... DCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ea941c0c717ae445f8b3febdff3b7f22
: end

Всем спасибо, тема закрыта, заработало))

Софт хоть обновите, а то сидите на решете

Да он локально стоит, внешнего воздействия не будет)) Спасибо)