11-08-2012 07:41 AM - edited 02-21-2020 04:46 AM
I have an ASA 5510, version 8.2(1), and I'm trying to get NTP from our Core Nexus 7K Switch through this to a Time Server on the Internet. This fails.
The ASA has three interfaces: Inside, Outside and Management. The 7K is behind the Management interface; this interface is configured so that it isn't management only. All other types of comms work through the Firewall OK but NTP fails. Here's how I prove it and the perplexing observation.
There are three rules on the Management Interface:
I have a NAT rule to translate the 7K to an external address.
I start a packet capture on the ASA from the Management interface to the Outside interface and filter on the target Time Server. When I try the three different forms of communication from the 7K I get the following results:
Why isn't the NTP getting NAT'ed ?????????
This is driving me crazy as the ASA is selectively not NATing the NTP packets.
Anyone got any idea why this isn't working?
Thanks,
Paul
11-08-2012 03:49 PM
Is NTP really using the same source-IP as Telnet and TFTP?
Sent from Cisco Technical Support iPad App
11-09-2012 02:26 AM
Yes, the NTP, Telnet and TFTP are all from the same source address, that's why it is so crazy. Completely frustrating and driving me mad. The ASA is selectively not translating the NTP packets!!!!!!!