I am struggling to decide on an NTP design. The way I understand it, a Cisco ASA cannot be an NTP server, only an NTP client. Routers can act as NTP masters.
If you select "ntp master 1" and set NTP on the router to look at NIST, will this work? Are NIST servers stratum 0?
- You don't necessarily need a stratum 0 server to connect with. Chaining up with the NTP servers provided by your ISP (or advised) will usually be sufficient.
I agree with the other post: you are not required to set a number after master. The basics to set up an NTP master:
ntp server x.x.x.x prefer (if you want to get the source from it)
ntp server x.x.x.y (you can use this as an alternative in case the above fails)
ntp master - this acts as a server
You can also have an ACL to filter the clients that use it as the master NTP.
If you do not like your core switch as master, you can set up any small Linux box or Raspberry Pi as an NTP server in your DMZ / inside network for your NTP master, and as the NTP server for your devices (since the ASA cannot be an NTP server, for security reasons).
If your NTP server is inside your network, make sure you have the relevant ACL in place for getting NTP updates from the Internet.
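The setup described in the reply above, as an added example that is not part of the original posts: a Cisco IOS router acting as NTP master with ACL-restricted clients, and the ASA configured as a client of it. All addresses, ACL numbers, the ACL name INSIDE_IN and the interface name are placeholder assumptions.

```cisco
! ---- IOS router / core switch (NTP master for the inside network) ----
! Upstream sources (placeholder addresses from the documentation range)
ntp server 192.0.2.10 prefer
ntp server 192.0.2.11
! Keep serving time from the local clock if both upstream sources fail
ntp master
!
! ACL 10: hosts this router is allowed to synchronize its own clock to
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
! Local reference clock used by "ntp master"; the address differs by
! IOS release (127.127.1.1 or 127.127.7.1), so verify it on your platform
access-list 10 permit 127.127.1.1
!
! ACL 20: inside clients that may request time (placeholder subnet)
access-list 20 permit 10.0.0.0 0.0.0.255
!
! peer = may sync this router; serve-only = may only query time
ntp access-group peer 10
ntp access-group serve-only 20
!
! ---- ASA (NTP client only) ----
! 10.0.0.1 is the assumed inside address of the router above
ntp server 10.0.0.1 source inside prefer
!
! Only needed when an ACL is already applied to the inside interface:
! let the inside NTP server reach its upstream sources on UDP/123
access-list INSIDE_IN extended permit udp host 10.0.0.1 host 192.0.2.10 eq ntp
access-list INSIDE_IN extended permit udp host 10.0.0.1 host 192.0.2.11 eq ntp
```

After applying it, `show ntp status` and `show ntp associations` on the router show whether it has synchronized to an upstream source.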