ASA NTP time

hienhaidam · ‎10-13-2011

Hi all,

We use ASA 5200 as a VPN concentrator with more than 50 VPN tunnels running on it. Now we'd like to implemente NTP to get time from an external server in DMZ. My question is:

- if I activate the NTP feature on ASA, will it reset all the current VPN tunnels as a result ? Would these tunnels go DOWN -> UP ?

- Should I reboot the ASA ?

Please note down the ASA is in a production environment.

Thanks.

HH

mikecrowe4ICS_2 · ‎11-02-2011

Quick note: this should really be posted as a discussion item, rather than a document. I'd recommend moving it, or simply deleting/recreating the post there. When it's a post containing a question, or requesting help/information, you're more likely to get a (faster) response there.

-----------------------------

Anyway, as for your questions regarding enabling NTP on an ASA ...

- if I activate the NTP feature on ASA, will it reset all the current VPN tunnels as a result ? Would these tunnels go DOWN -> UP ?

No, there's no reason it should. Enabling NTP is a pretty straight-forward configuration change, and virtually harmless.

- Should I reboot the ASA ?

No, there's no need to reboot the device. Just be sure to save the configuration to memory once it's done.

For more information, I'd recommend checking out the ASA CLI Configuration Guide, specifically the section on date/time settings.

--- Mike