ASA5520 CLOCK deviates from Microsoft AD server

Apr 1st, 2008

Dear all,

I set up the remote access VPN using Active Directory LDAP and Kerberos for authentication and authorization. It works well, but I am facing frequent tunnel disconnections. Syslog shows that the clock settings between the AD server and the ASA are 10 minutes different. After setting the ASA time back to the AD time, the tunnel comes up. It is now frequent and I do not want the manual setting every time.

Please help me with how I can set up the time in sync.



rahmant Wed, 04/02/2008 - 03:23

How are both the 5520 and the AD server syncing time now? Are either/both configured for NTP?


cisco24x7 Wed, 04/02/2008 - 05:39

I am not familiar with MS Active Directory, but if I am not mistaken, Microsoft uses SNTP (simple NTP) instead of the regular NTP like Unix/Linux. I use a Linux server to sync NTP between the Pix and the Linux and it works

Using Microsoft may be the source of the

CCIE Security

rahmant Wed, 04/02/2008 - 11:41
User Badges:

As cisco24x7 mentioned, you can set ntp on your ASA to automagically update time. Read up in the config guide for this - in 8.0, the section is under "getting started..." / "configuring basic settings" / "setting the date and time" / "setting the date and time using an ntp server"

From my understanding, AD servers typically already sync time amongst themselves - you should confirm that with your AD admin(s). If they're not using NTP to get updated time from the Internet or radio source, try to figure out why :)

If there's no reason not to, have your AD environment and your ASA sync NTP from a few good sources. You can find some public sources from here:
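
An added example, not part of the posts above: a minimal ASA NTP configuration of the kind rahmant describes, followed by the commands that confirm the clock is actually synchronized. The addresses 192.0.2.10 and 192.0.2.11 and the interface name `inside` are placeholders; substitute the time sources your AD environment also uses.

```text
! Constructed example for an ASA in global configuration mode.
! 192.0.2.10 / 192.0.2.11 are placeholder NTP server addresses,
! "inside" is an assumed interface name.
!
! Kerberos in Active Directory tolerates 5 minutes of clock skew by
! default, so a 10-minute drift between ASA and AD makes Kerberos
! authentication fail until the clocks agree again.
!
! Use the same time sources as the domain controllers so that both
! sides converge on the same clock.
ntp server 192.0.2.10 source inside prefer
ntp server 192.0.2.11 source inside
!
! Verification (privileged EXEC mode):
! "show ntp status" should report that the clock is synchronized,
! "show ntp associations" lists each configured server and which one
! was selected, and "show clock detail" shows the time source in use.
show ntp status
show ntp associations
show clock detail
```

Synchronization is not immediate after the servers are configured; recheck `show ntp status` after a few minutes before testing the VPN login again.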

