Does PIX support NTP...


If not, what is the best practice to allow NTP to synchronize with internal network devices from external sources?

All comments welcome... Thanks.

In version 6.2 I know the PIX supports ntp as a client but I don't think as a server (see NTP uses port 123. I believe the client starts the ntp connection with the ntp server, so the PIX can allow your internal clients to communicate with the NTP server without having to create an acl. If I am wrong, and you need an acl, put a server on the DMZ, sync with the internet NTP server that way, and allow your inside devices to sync with the DMZ ntp server.

Hope it helps.


Thanks for the comment...

I am running version 5.3(6) and I now know that NTP is not supported under 6.1.

Do you have any recommendations for allowing the traffic thru from external to internal?

Be as specific as possible in the acl.


access-list 101 permit tcp host x.x.x.x host y.y.y.y eq 123 (x.x.x.x is the public ntp server and y.y.y.y is your ntp server)

static (inside, outside) y.y.y.y netmask

If you have any internal acls, only allow that internal ntp server to communicate with others via ntp, and lock that server down (not a server guy anymore so can't help with that). If it's a router, have an acl on it only allow the public ntp server to access it via ntp. Not much else you can do if you are stuck with direct external to internal.

Hope that's what you are looking for.


Two comments:

An NTP client initiates all communications to servers and even to peers. There is no server push. If you are syncing to outside sources, you will only need an acl if you are restricting outbound traffic.

Most routine NTP traffic is UDP. Only some interactive traffic, like ntpq queries, is TCP, so you generally only have to allow UDP.
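
The exchange the last reply describes (the client sends first, over UDP port 123, and the server only answers), as an added Python example that is not part of the thread: it builds a client-mode request and checks that a reply is a server-mode packet echoing the request's transmit timestamp. All function names and sample timestamps are constructed for illustration.

```python
import struct

NTP_PORT = 123                      # UDP, as noted in the reply above
MODE_CLIENT, MODE_SERVER = 3, 4
# 48-byte NTP header: flags, stratum, poll, precision, then 11 32-bit words
# (root delay, root dispersion, ref id, and four 64-bit timestamps).
HEADER = struct.Struct("!BBbb11I")

def build_request(tx_sec, tx_frac, version=3):
    """Client-mode packet; only the transmit timestamp is filled in."""
    flags = (version << 3) | MODE_CLIENT
    return HEADER.pack(flags, *[0] * 12, tx_sec, tx_frac)

def build_reply(request, stratum=2, mode=MODE_SERVER):
    """Constructed sample reply: copies the request's transmit ts into origin."""
    origin = parse(request)["transmit"]
    flags = (3 << 3) | mode
    return HEADER.pack(flags, stratum, *[0] * 7, *origin, *[0] * 4)

def parse(packet):
    if len(packet) < HEADER.size:
        raise ValueError("short NTP packet")
    f = HEADER.unpack_from(packet)
    return {"mode": f[0] & 0x7, "version": (f[0] >> 3) & 0x7,
            "stratum": f[1], "origin": (f[9], f[10]),
            "transmit": (f[13], f[14])}

def classify_reply(request, reply):
    """Apply the checks a client makes before trusting an inbound packet."""
    req, rep = parse(request), parse(reply)
    if rep["mode"] != MODE_SERVER:
        return "drop: not a server-mode reply"
    if rep["origin"] != req["transmit"]:
        return "drop: origin timestamp does not echo our request"
    if rep["stratum"] == 0:
        return "drop: kiss-of-death or unsynchronized server"
    return "accept"

if __name__ == "__main__":
    req = build_request(0xE0000000, 0x12345678)      # constructed timestamp
    print(classify_reply(req, build_reply(req)))      # solicited reply
    other = build_request(1, 2)                       # some other client's request
    print(classify_reply(req, build_reply(other)))    # unsolicited packet
```
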

