03-10-2009 02:10 AM - edited 03-06-2019 04:29 AM
hi,
is it possible configuring 3560 in this way without knowing ip address of the server ntp ?
"ntp server ntp.srv.u"
thanks
03-10-2009 02:18 AM
Hello Xavier,
yes it should be possible see from one of my routers (a c6500 with old sup1A and 12.1E):
ntp server ?
Hostname or A.B.C.D IP address of peer
vrf VPN Routing/Forwarding Information
the hostname is an accepted option
you need also to provide a DNS server for the router to be able to resolve the hostname
Hope to help
Giuseppe
03-10-2009 02:52 AM
but my problem is more complexity.
there are two networks different separated by a firewall. The network where NTP server is external as well as DNS server and I do not have the possibility of knowing their address IP. the network that I configuring(intern) must go to seek hour on this address " ntp.srv.u". Is the question is, that feasible?
03-10-2009 03:09 AM
Hello Xavier,
your router needs to consult a DNS server that can be internal.
the firewall has to be configured to allow DNS requests from inside to outside and the answers
Then real problem is that also the FW doesn't know the ip address of the NTP server
so or you open all udp port 123 with source the router and destination any or you need something similar to CBAC:
the firewall can allow the answer after having seen the first udp packet from the router to the NTP server (once the ntp ip address is solved)
both requirements on UDP traffic (DNS and NTP) can be met by using a firewall
A firewall permits the return traffic of flows that are started from the most trusted interface to the less trusted (inside to outside)
this is default behaviour with PIX and ASA.
However, if there is an ACL applied inbound to inside you may need to add lines for DNS and NTP flows to permit them.
So saying it shortly, yes this is feasible.
Hope to help
Giuseppe
03-10-2009 03:23 AM
thanks giuseppe
if i have another question, i will be back.
xavier
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide