cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1299
Views
5
Helpful
2
Replies

Cisco ASA version 7 NTP sync with ISP modem

Rahul Kapadia
Level 1
Level 1

Hello, 

I'm facing issue related to NTP from ISP to inside host

 

TOPOLOGY: ISP modem--->Outside_Int--->ASA--->Inside_Int

 

ACL:

access-list VLAN100_IN extended permit tcp any any eq www
access-list VLAN100_IN extended permit tcp any any eq https
access-list VLAN100_IN extended permit udp any any eq domain
access-list VLAN100_IN extended permit udp any any eq ntp
access-list VLAN20_IN extended permit tcp any any eq www
access-list VLAN20_IN extended permit tcp any any eq https
access-list VLAN20_IN extended permit udp any any eq domain

 

NTP:
ntp authentication-key 1 md5 *
ntp authenticate
ntp trusted-key 1
ntp server 192.168.100.1 source VLAN100

 

ISP modem IP: 192.168.100.1

outside int IP: 192.168.100.50

Inside int VLAN100 IP: 192.168.1.1

Inside int VLAN20 IP: 192.168.2.1

 

I want that ASA capture time from ISP modem and deliver it to inside host

 

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Do you have confirmation that the ISP modem supports operation as an NTP server with authentication?

It would be unusual to see that offered.

More commonly we would use an Internet-based NTP server. There are some that offer authenticated NTP if you register with them.

As I know the ASA can not be NTP Server,

so only way here is bypass NTP from client to ISP NTP Server through ASA.

Review Cisco Networking for a $25 gift card