
NTP through a VPN tunnel

irbk
Level 1

I would like to set up sort of a single source of truth for time on the network. Our WatchGuard box at HQ already has pool.ntp configured on it and our servers are then getting NTP data from the WatchGuard. I'd like to also have the ASA 5525, who is on the other side of a VPN tunnel to the WatchGuard, using the WatchGuard as his NTP source. I've configured the ASA with
ntp server <ip of WatchGuard> source <vlan with firewall rules allowing NTP through to the WatchGuard>
The vlan above has other servers that are able to get NTP from the WatchGuard without issue.  I'm guessing that the NTP packets from the ASA aren't really being sourced from the right interface or something?  Even though I've specified a source.

18 Replies

Take your time

Check the VPN; it must be up.

Yep, VPN is up, a Windows client behind the ASA can talk to the NTP server without issue. The ASA however doesn't seem to be able to communicate with it.

Management access is the solution here.

I've added the management access for inside as you suggested but it doesn't change anything.  Let me rephrase that, I could ping to the remote server from the ASA, which I couldn't do before the management access inside command, so it's not that the command had no effect.  However still no NTP.  Still unsynchronized and insane.  Plus I wouldn't want to enable that management access in production.  
