External NTP is not working on my VPN 3000

benrad · ‎06-14-2006

I've found 3 other posts on this with no resolution, so I thought I'd ask again. I've set up 3 local time servers (MIT, UMass Boston) in the NTP list to synchronize the time on my VPN 3000 Concentrator. I continually get the "NTP time synchronization failed - The time could not be adjusted." error. I've tried turning it off (changing the frequency to zero, saving, changing it back to 60 minutes) and I still get the error. Our VPN is on our DMZ, and I tried creating a rule on the firewall allowing NTP packets in, however that didn't work either. I can ping and trace to all 3 servers from the VPN. Anything else I should look at?

Thanks,

Ben

Richard Burts · ‎06-16-2006

Ben

Ping and trace are find for demonstrating IP connectivity, so you can demonstrate that the problem is not lack of IP connectivity. NTP requests use UDP port 123 (the same port for source and destination). Are you sure that your firewall is allowing the requests to go out and allowing the responses to get back in?

HTH

Rick

HTH

Rick

donlon · ‎06-25-2006

Have you entered a rule on the Concentrators Public interface that permits NTP in and out?

I've encountered that "got ya" before.

If there's a disadvantage to the Concentrators easy to use GUI, its that sometimes when you enable something in one screen, it won't work untill you go to some other screen far away and set some required item. At least with the CLI, everything is there on one screen.