https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861830#M1101947 <P>Thanks for your response and is it should be in wan interface?</P><P>If possible, please help me with configuration in global part and interface part.</P> Sat, 24 Jun 2023 17:32:30 GMT Srinivas N 2023-06-24T17:32:30Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861822#M1101945 <P>Hi Firends,</P><P>We wants to apply NTP Vulnerability fix in cisco router, below are the requirement and do the needful.</P><P>1. We want to use NTP server as Microsoft (Cloud), means want to do client configuration on Cisco router.&nbsp;</P><P>2. no other NTP server should not communicate (May be need some access list, so that my router should reach-out only Microsoft NTP server only, not any other could NTP server.</P><P>Please help me for sample configuration.</P><P>Thanks in Advance,</P><P>Srinivas.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 24 Jun 2023 16:53:14 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861822#M1101945 Sriinuvas 2023-06-24T16:53:14Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861826#M1101946 <P>Hi</P> <P>Basically you need</P> <P><EM>conf t <BR /></EM></P> <P><EM>clock timezone GMT- (your GMT)<BR />&nbsp;ntp peer &lt;Microsoft NTP&gt;&nbsp; prefer normal-sync</EM></P> <P>This should be enough. For ACL but if you need to add</P> <P>access-list xx permit udp host &lt;your router&gt; &lt;Microsoft NTP&gt; eq ntp</P> <P>&nbsp;</P> Sat, 24 Jun 2023 17:20:29 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861826#M1101946 Flavio Miranda 2023-06-24T17:20:29Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861830#M1101947 <P>Thanks for your response and is it should be in wan interface?</P><P>If possible, please help me with configuration in global part and interface part.</P> Sat, 24 Jun 2023 17:32:30 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861830#M1101947 Srinivas N 2023-06-24T17:32:30Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861831#M1101948 <P>&nbsp;On the wan interface you can to</P> <P>int Gix/x</P> <P>&nbsp; access-group xx in</P> Sat, 24 Jun 2023 17:42:50 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861831#M1101948 Flavio Miranda 2023-06-24T17:42:50Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861840#M1101951 <P>Thanks Flavio, will try and confirm you.</P> Sat, 24 Jun 2023 18:05:17 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861840#M1101951 Srinivas N 2023-06-24T18:05:17Z https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861847#M1101953 <P>Only keep in mind that the ACL may need to be more complex then that in order to handle other trafffics. I am considering only ntp</P> Sat, 24 Jun 2023 18:25:49 GMT https://community.cisco.com/t5/network-security/ntp-vulnerability-for-cisco-router-28000/m-p/4861847#M1101953 Flavio Miranda 2023-06-24T18:25:49Z