12-06-2007 08:04 AM - last edited on 02-21-2020 11:17 PM by cc_security_adm
Hi, I am having problems getting one of my routers to update its clock via NTP.
The problem is as follows:
I have an NTP time server sitting on the inside of my trusted network at Head Office. My router at the remote site connects to the Head Office via a Site-to-Site IPSec tunnel. This router performs NAT hiding internal traffic from the trusted network. Encryption is performed on interesting traffic.
Since I already have an IPSec tunnel from the remote site to the Head Office I have simply created a crypto for the untrusted interface to the subnet the server sits on (note that I also have a crypto/interesting traffic for a subnet in the remote branch to the same subnet where the server sits).
Theoretically this should work but isn't... Any advice on what I may be doing wrong?
Thanks
12-06-2007 03:36 PM
Why not source NTP from a trusted interface or loopback?
RTR3725-1(config)#ntp source ?
Async Async interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
XTagATM Extended Tag ATM interface
HTH
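A sketch of the loopback approach suggested in the reply above, as an added example that is not part of the original posts. All interface names, ACL names and addresses are constructed for illustration, and it assumes the tunnel uses a crypto map with an extended ACL on each peer.

```cisco
! --- Remote-site router (constructed names and addresses) ---
! Stable internal source address for router-originated NTP
interface Loopback0
 description NTP source
 ip address 10.255.0.1 255.255.255.255
!
! Crypto ACL already referenced by the site-to-site crypto map
! (VPN-TO-HO is an assumed name). The first entry stands for the
! existing branch-subnet traffic; the second adds the loopback.
ip access-list extended VPN-TO-HO
 permit ip 10.20.0.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip host 10.255.0.1 10.1.1.0 0.0.0.255
!
! Source NTP from the loopback instead of the untrusted interface
ntp source Loopback0
ntp server 10.1.1.10
!
! Alternative: source from the inside interface whose subnet is
! already in the crypto ACL, so no ACL change is needed:
!  ntp source FastEthernet0/1
!
! --- Head Office peer (constructed names and addresses) ---
! The crypto ACL must mirror the new remote entry, and Head Office
! must route 10.255.0.1 toward the VPN peer.
ip access-list extended VPN-TO-REMOTE
 permit ip 10.1.1.0 0.0.0.255 10.20.0.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 host 10.255.0.1
!
! --- Verification on the remote router ---
! show ntp associations   (server should become the selected peer)
! show ntp status         (clock should report as synchronized)
! show crypto ipsec sa    (encaps/decaps counters should increase
!                          on the SA for 10.255.0.1 <-> 10.1.1.0/24)
```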
12-10-2007 01:39 AM
Ok, I'll try this and see if it works. Thanks