Windows NTP server and AIP-SSM

Answered Question
Apr 3rd, 2007

We are using a Windows-based server as the NTP server. However, in order to configure NTP on the AIP-SSM, I need the NTP key ID and the NTP key value. How does one find that information or bypass it? Or is there a way to set the clock without using an NTP server? I disabled the NTP function hoping that it would use the firewall clock, but it didn't.

Regards,

marcabal Thu, 04/05/2007 - 20:58

Without NTP configuration, the SSM should sync its clock to that of the ASA.

Keep in mind though that the SSM will sync its GMT time with the GMT time of the ASA so as to avoid any effect of timezones.

If both devices are configured for GMT, or both are configured with the same timezone (and same offset - you have to manually set the offset), then both devices will show the same time.

BUT if each device is configured for a different timezone and different offsets, then their times will look different. But if you convert their times back to GMT you should find that they should be in sync.

Understand, however, that the syncing of its time to the ASA is not a constant syncing process (unlike NTP, which is). So the ASA and SSM can drift apart over long periods of time.

So NTP is still the recommended method.

If you can't get the Windows-based NTP server to work, then try a Cisco router:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/cliguide/clitasks.htm#wp1035649

You can even have the router sync to the Windows box and at the same time act as a server to the sensor.

Tshi M Thu, 04/12/2007 - 14:17

I don't seem to get this to the right time. Below is my ntp-option config:

time-zone-settings
offset -6
standard-time-zone-name CST
exit
ntp-option enabled
ntp-keys 312 md5-key life
ntp-servers 10.x.x.x key-id 312
exit
summertime-option recurring
summertime-zone-name CDT
start-summertime
month march
week-of-month second
day-of-week sunday
time-of-day 02:00:00
exit
end-summertime
month november
week-of-month first
day-of-week sunday
time-of-day 02:00:00

AIPSSM# sh clo de
.23:06:41 CDT Thu Apr 12 2007
Time source is NTP
Summer time starts 02:00:00 UTC Sun Mar 11 2007
Summer time stops 02:00:00 UTC Sun Nov 04 2007

FW# sh clo de
17:15:34.883 CDT Thu Apr 12 2007
Time source is NTP
Summer time starts 02:00:00 CST Sun Mar 11 2007
Summer time ends 02:00:00 CDT Sun Nov 4 2007

Correct Answer
marcabal Thu, 04/12/2007 - 14:51

Your offset should be -360.

The offset is in minutes not hours. Right now you are saying that CDT is only -6 MINUTES from GMT when what you want is -6 HOURS which is -360 MINUTES.

offset -360
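A check for the mistake identified in the answer above, as an added example that is not part of the original thread: it parses the posted time-zone-settings stanza, flags an offset that looks like an hour count, and compares the error this produces (5 h 54 min) with the gap between the two posted clocks. The function names and the 15-minute heuristic are assumptions, as is the reading that the two show clock commands were run about three minutes apart.

```python
import re
from datetime import datetime, timedelta

# Constructed from the config and "show clock" output posted in the thread.
SENSOR_CONFIG = """\
time-zone-settings
offset -6
standard-time-zone-name CST
exit
"""
SENSOR_CLOCK = "23:06:41"    # AIPSSM# sh clo de
FIREWALL_CLOCK = "17:15:34"  # FW# sh clo de

def parse_offset(config):
    """Return the 'offset' value (minutes from UTC) in time-zone-settings."""
    m = re.search(r"^\s*time-zone-settings\s*$(.*?)^\s*exit\s*$", config, re.M | re.S)
    if not m:
        raise ValueError("no time-zone-settings stanza")
    off = re.search(r"^\s*offset\s+(-?\d+)\s*$", m.group(1), re.M)
    if not off:
        raise ValueError("no offset line in time-zone-settings")
    return int(off.group(1))

def check_offset(minutes):
    """Flag a value that looks like hours typed into a minutes field."""
    # Assumption (heuristic): real zone offsets are multiples of 15 minutes,
    # so a non-zero value from -12 to 14 is almost certainly an hour count.
    if minutes != 0 and -12 <= minutes <= 14:
        return f"offset {minutes} looks like hours; did you mean offset {minutes * 60}?"
    if minutes % 15:
        return f"offset {minutes} is not a multiple of 15 minutes"
    return None

def expected_skew(minutes):
    """Clock display error when an hour count is applied as minutes."""
    return timedelta(minutes=minutes) - timedelta(hours=minutes)

def observed_skew(sensor, reference):
    """Difference between two HH:MM:SS readings taken on the same day."""
    fmt = "%H:%M:%S"
    return datetime.strptime(sensor, fmt) - datetime.strptime(reference, fmt)

if __name__ == "__main__":
    off = parse_offset(SENSOR_CONFIG)
    print(check_offset(off))
    print("expected skew:", expected_skew(off))
    print("observed skew:", observed_skew(SENSOR_CLOCK, FIREWALL_CLOCK))
```

A skew of this size puts sensor alert timestamps almost six hours away from the firewall's logs for the same traffic, so it is worth running a check like this before correlating events across the two devices.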
