01-29-2021 11:05 PM
Hello,
I'm facing an issue related to NTP from the ISP to an inside host.
TOPOLOGY: ISP modem--->Outside_Int--->ASA--->Inside_Int
ACL:
access-list VLAN100_IN extended permit tcp any any eq www
access-list VLAN100_IN extended permit tcp any any eq https
access-list VLAN100_IN extended permit udp any any eq domain
access-list VLAN100_IN extended permit udp any any eq ntp
access-list VLAN20_IN extended permit tcp any any eq www
access-list VLAN20_IN extended permit tcp any any eq https
access-list VLAN20_IN extended permit udp any any eq domain
NTP:
ntp authentication-key 1 md5 *
ntp authenticate
ntp trusted-key 1
ntp server 192.168.100.1 source VLAN100
ISP modem IP: 192.168.100.1
outside int IP: 192.168.100.50
Inside int VLAN100 IP: 192.168.1.1
Inside int VLAN20 IP: 192.168.2.1
I want the ASA to capture time from the ISP modem and deliver it to the inside host.
01-29-2021 11:51 PM
Do you have confirmation that the ISP modem supports operation as an NTP server with authentication?
It would be unusual to see that offered.
More commonly we would use an Internet-based NTP server. There are some that offer authenticated NTP if you register with them.
01-30-2021 05:52 AM
As far as I know, the ASA cannot be an NTP server,
so the only way here is to bypass NTP from the client to the ISP NTP server through the ASA.