NTP Sync from untrust interface of Cisco VPN Router running IPSec to inside


Hi, I am having problems getting one of my routers to update its clock via NTP.

The problem is as follows:

I have an NTP time server sitting on the inside of my trusted network at Head Office. My router at the remote site connects to the Head Office via a Site-to-Site IPSec tunnel. This router performs NAT hiding internal traffic from the trusted network. Encryption is performed on interesting traffic.

Since I already have an IPSec tunnel from the remote site to the Head Office I have simply created a crypto for the untrusted interface to the subnet the server sits on (note that I also have a crypto/interesting traffic for a subnet in the remote branch to the same subnet where the server sits).

Theoretically this should work but isn't... Any advice on what I may be doing wrong?


Collin Clark Thu, 12/06/2007 - 15:36

Why not source NTP from a trusted interface or loopback?

RTR3725-1(config)#ntp source ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Serial             Serial
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  Vlan               Catalyst Vlans
  XTagATM            Extended Tag ATM interface
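
A sketch of the suggestion in the reply above, added here as an illustration and not taken from either poster's configuration. The interface names, the ACL number and every address are assumed placeholders; the point is that NTP sourced from the inside interface is already covered by the existing branch-to-server crypto ACL.

```cisco
! Constructed example: all addresses, the ACL number and the interface
! names are placeholders, not values from this thread.
!   Branch LAN          10.20.0.0/24
!   Head Office subnet  10.10.0.0/24 (NTP server assumed at 10.10.0.5)
!
! Existing interesting-traffic ACL for the site-to-site tunnel
! (branch LAN -> server subnet), mirrored on the Head Office peer:
access-list 110 permit ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255
!
! Inside (trusted) interface, addressed from the branch LAN:
interface FastEthernet0/1
 ip address 10.20.0.1 255.255.255.0
!
! Without "ntp source", NTP packets carry the address of the outgoing
! (untrusted) interface and need their own crypto ACL entry on both peers.
! Sourced from the inside interface they match ACL 110 instead:
ntp source FastEthernet0/1
ntp server 10.10.0.5
!
! Per-server alternative to the global "ntp source":
!   ntp server 10.10.0.5 source FastEthernet0/1
!
! Checks from exec mode after the change:
!   show ntp associations
!   show ntp status
!   show crypto ipsec sa     (encaps/decaps counters should increase)
```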


