
NTP on ASA

saquib.tandel
Level 1

Hello

Is it best practice to configure the ASA as an NTP server for clients on the inside network, or just allow NTP traffic for hosts in the inside network?

Thanks

Accepted Solutions

Jennifer Halim
Cisco Employee

The ASA can only be configured as an NTP client, not an NTP server, hence you have to use other devices as the NTP server. I would suggest that you use your internal router, if you have one, as an NTP server, and all networking devices, like the ASA, router, etc., as NTP clients getting the time from an internet NTP server.

So all networking devices point to an external NTP server, and all clients point to your internal router NTP server.

Hope that helps.


5 Replies

Kureli Sankar
Cisco Employee

I believe the ASA can only be configured as an NTP client. It is a good idea to configure the ASA to sync up time with an NTP server as well.

I suggest using an inside router as an NTP server for your inside clients and having this router go through the ASA to an external time source (like a military time source) for NTP.

If you do not use a router on the inside, you can pick a server on the inside.

http://tycho.usno.navy.mil/ntp.html

-KS

sean_evershed
Level 7

If you are not based in the US and you are looking for NTP servers that are closer to home, then you can sync your router to one of the servers in the pool listed below:

http://www.pool.ntp.org/zone/@

Regards

Sean

Thanks to all for replying.

I am in the process of configuring an internal router as NTP server. On the ASA I would only open ports (UDP 123) from inside to outside; is this OK?

ACL is applied on inside interface of ASA.

thanks

ST

Yes, UDP/123 is the correct port for NTP.
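
The layout discussed in this thread, as an added configuration sketch that is not part of any post above: the ASA syncs as an NTP client, and the inside ACL permits UDP/123 outbound. As an assumption beyond what the thread states, the permit is narrowed to the inside router only, so other inside hosts must use the router for time. All addresses and the ACL name are placeholders.

```cisco
! Constructed example. All addresses and the ACL name are placeholders:
!   192.0.2.10    = inside router acting as NTP server for inside clients
!   198.51.100.20 = external NTP server
!
! --- ASA ---
! The ASA is an NTP client only; it syncs to the external server itself.
ntp server 198.51.100.20 source outside
!
! Inside ACL: only the inside router may send NTP (UDP/123) outbound.
! Other inside hosts are expected to query the router, not the internet.
access-list INSIDE_IN extended permit udp host 192.0.2.10 host 198.51.100.20 eq 123
! Entries for other permitted inside traffic go here; the ACL ends
! with an implicit deny.
access-group INSIDE_IN in interface inside
!
! --- Inside router (IOS) ---
! Syncs to the external server through the ASA and answers inside clients.
ntp server 198.51.100.20
```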
