
NTP peering with a PIX firewall?

vladrac-ccna
Level 5

Hello everyone,

I have a couple of routers outside a PIX firewall that need NTP service.

Due to some routing and NAT "issues" I can't get to the real NTP servers.

Is it possible to peer to a PIX firewall (6.3)?

I would use:

switch(config)#ntp peer Pix-IP

Is it possible?

Thanks,

Vlad

1 Reply

a.kiprawih
Level 7

Q: Is it possible to peer to a PIX firewall (6.3)?

A: No, as PIX ver 6.2 or higher allows the PIX Firewall to function as a client for Network Time Protocol (NTP) Version 3.0 servers.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172790.html#wp1035622

Correct me if I am wrong, but you mentioned that the routers are outside the PIX, so they shouldn't have a problem syncing with any external NTP servers, and neither should the PIX itself. But of course, you'll have a problem if you want them to sync with an internal NTP server.

If the routers need to sync with an internal NTP server (internal router, etc.), you need to map the internal router to a public IP, or use the PIX outside interface to redirect NTP data (tcp/udp-123, pref udp 123). Open the ACL and allow the NTP protocol only between the outside routers and the internal NTP server/router.

If the routers are on the internal network, open the ACL and bind it to the inside interface (allow udp 123).

HTH

AK
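
The port-redirect option from the reply above, written out as an added PIX 6.3 configuration sketch (not part of the original posts). All addresses and the ACL name `outside_in` are constructed placeholders: 10.1.1.10 stands for the internal NTP server, 192.0.2.11 and 192.0.2.12 for the two outside routers. It assumes no other ACL is already bound to the outside interface, since `access-group` replaces an existing binding.

```text
: Redirect UDP 123 arriving on the PIX outside interface to the internal NTP server
static (inside,outside) udp interface 123 10.1.1.10 123 netmask 255.255.255.255 0 0
: Permit NTP only from the two outside routers, only to the outside interface address;
: every other inbound packet still hits the implicit deny at the end of the ACL
access-list outside_in permit udp host 192.0.2.11 interface outside eq 123
access-list outside_in permit udp host 192.0.2.12 interface outside eq 123
access-group outside_in in interface outside
```

With this in place the outside routers use `ntp server` (not `ntp peer`) pointed at the PIX outside interface address, and the PIX forwards the request to the internal server rather than answering it itself.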
