Pit falls of passing NTP from an inside source through an ASA to a DMZ Perimeter switch

Eric R. Jones
Level 4

Good day all, I'm in a bit of a pickle.

We have a new 5585X running ASA 9.1(6)6 with ASDM 7.4(2) in an HA configuration.

It's working fine for our normal traffic and I have it passing log files from the DMZ to the log server; however, trying to get a DMZ Perimeter switch to talk to the NTP server on the inside is a bit of a bear.

Right now we have the packet tracer showing all green for the path between the Outside and Inside interfaces on the firewall.

However, we are unable to see the DMZ device respond to time updates from the inside NTP server.

!create object for the outside interface
object network ntp_external
host "DMZoutside"

!Create the first object for the yoko ntp server
object network ntp_internal_Yoko
host "NTPInsideServer1"
nat (inside,outside) static ntp_external service udp 123 123

!Create the second object for the sas ntp server
object network ntp_internal_Sas
host "NTPInsideServer2"
nat (inside,outside) static ntp_external service udp 123 123

! Create the object group to bundle both servers' IPs
object-group network NTP_Group1
        network-object object ntp_internal_Yoko
        network-object object ntp_internal_Sas

! Create the access-lists for the outside interface
access-list outside_access_in line 6 extended permit tcp object YOSSR object ntp_internal_Yoko eq 123 log disable
access-list outside_access_in line 6 extended permit tcp object YOSSR object ntp_internal_Sas eq 123 log disable

 

Creating the rule for ntp
      access-group global_access global
      access-list Outside_access_in line 28 extended permit udp object ntp_external object-group NTP_Group1 eq ntp log disable
      clear configure access-list global_acce
  

Can anyone shed some light on this topic?

 

ej

2 Replies

 

Hi EJ,

I think the problem is your NAT:

object network ntp_internal_Yoko
host  "NTPInsideServer1"
nat (inside,outside) static ntp_external service udp 123 123

You are trying to do a NAT from a real device to another real device!

You don't really need to do a NAT at all, as long as you allow outside to inside with ACLs.

 

HTH

Richard.

The correct answer we found out was to do twice NAT.

Once we did that, everything worked just fine.

Then the NTP server stopped working a few days later.

We just rebooted it and everything is back up.

 

ej
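For anyone landing on this thread later, here is what a twice NAT (manual NAT) identity rule for this traffic looks like on ASA 9.x, together with the checks to confirm it is the rule being hit. This is an added example, not EJ's or Richard's configuration. It assumes the poster's interface names (outside, where the DMZ perimeter switch sits, and inside, where the NTP server sits); the 192.0.2.10 and 10.0.0.5 addresses and the object names DMZ_NTP_CLIENT, INSIDE_NTP_SERVER and NTP_UDP are made up for the example. One caveat worth checking against the original post: NTP is UDP/123, so the `permit tcp ... eq 123` entries in the outside ACL above never match NTP; only the `permit udp ... eq ntp` line can.

```cisco
! --- Added example (not from the thread): identity twice NAT, DMZ switch -> inside NTP server ---
! Assumed interface names: outside (DMZ perimeter switch side), inside (NTP server side)
! Addresses below are constructed placeholders, not the poster's real hosts.

! Real endpoints. With twice NAT both ends are named explicitly, so the ASA never has to
! map one real device onto another real device's address (the problem Richard pointed out).
object network DMZ_NTP_CLIENT
 host 192.0.2.10
object network INSIDE_NTP_SERVER
 host 10.0.0.5

! Match only NTP: UDP with destination port 123.
object service NTP_UDP
 service udp destination eq ntp

! Identity twice NAT: source and destination translate to themselves, scoped to UDP/123.
! "static" manual NAT rules are bidirectional, so the server's replies match the same rule.
nat (outside,inside) source static DMZ_NTP_CLIENT DMZ_NTP_CLIENT destination static INSIDE_NTP_SERVER INSIDE_NTP_SERVER service NTP_UDP NTP_UDP

! Interface ACL: permit the poll from the switch to the server. The connection is initiated
! from outside, so this is the only direction that needs an explicit permit; stateful
! inspection allows the reply. Append "log" if you want each new flow recorded in syslog.
access-list outside_access_in extended permit udp object DMZ_NTP_CLIENT object INSIDE_NTP_SERVER eq ntp
access-group outside_access_in in interface outside

! --- Verification, run on the ASA ---
! Simulate the switch's poll. Every phase should show ALLOW, and the NAT phase should
! reference the manual (twice) NAT rule above, not an object (auto) NAT rule.
packet-tracer input outside udp 192.0.2.10 123 10.0.0.5 123 detailed

! translate_hits / untranslate_hits on the rule should increment after each poll.
show nat detail

! The UDP connection should exist while a poll is in flight.
show conn protocol udp port 123

! --- Verification, run on the DMZ switch (IOS) ---
! reach and stratum become non-zero once packets flow in both directions:
!   show ntp associations
!   show ntp status
```

Two design notes. First, manual NAT rules (section 1) are evaluated before object NAT rules (section 2), so leaving the original `nat (inside,outside) static ntp_external service udp 123 123` lines on the two server objects means the twice NAT rule is only winning on ordering; remove those object NAT lines so there is one rule for this flow and `show nat detail` tells an unambiguous story. Second, because the rule is identity NAT scoped to a service object, it changes no addresses; the ACL is what actually authorizes the flow, which is the point Richard made above.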
