I have an ASA 5510, version 8.2(1), and I'm trying to get NTP from our Core Nexus 7K Switch through this to a Time Server on the Internet. This fails.
The ASA has three interfaces: Inside, Outside and Management. The 7K is behind the Management interface; this interface is configured so that it isn't management only. All other types of comms work through the Firewall OK but NTP fails. Here's how I prove it and the perplexing observation.
There are three rules on the Management Interface:
I have a NAT rule to translate the 7K to an external address.
I start a packet capture on the ASA from the Management interface to the Outside interface and filter on the target Time Server. When I try the three different forms of communication from the 7K I get the following results:
Why isn't the NTP getting NAT'ed ?????????
This is driving me crazy as the ASA is selectively not NATing the NTP packets.
Anyone got any idea why this isn't working?
Is NTP really using the same source-IP as Telnet and TFTP?
Yes, the NTP, Telnet and TFTP are all from the same source address, that's why it is so crazy. Completely frustrating and driving me mad. The ASA is selectively not translating the NTP packets!!!!!!!