cannot manage to sync with ntp authentication

Unanswered Question
Feb 25th, 2009

ntp server whatever source outside prefer ... is working flawlessly but when I try:


...

name 192.5.41.209 server-ntp-USNO description US Naval Obervatory

name 128.115.14.97 server-ntp-LLL description Lawrence Livermore Laboratory

...

ntp authentication-key 1 md5 * (where * is an arbitrary 32-character string, i.e. a user-defined random string, am I right?)

ntp authentication-key 2 md5 * (another different one)

ntp authenticate

ntp trusted-key 1

ntp trusted-key 2

ntp server server-ntp-LLL key 2 source outside

ntp server server-ntp-USNO key 1 source outside prefer

...


The above example is more or less out of the PIX documentation, but as you can see:


firewall# show ntp status


Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6

reference time is 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec


firewall# show ntp associations detail


128.115.14.97 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)

rcv time 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)

xmt time cd508e71.b903bb88 (03:43:45.722 UTC Thu Feb 26 2009)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0


192.5.41.209 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time cd508e75.72d7dc0f (03:43:49.448 UTC Thu Feb 26 2009)

rcv time cd508e73.e8c22140 (03:43:47.909 UTC Thu Feb 26 2009)

xmt time cd508e73.b9046392 (03:43:47.722 UTC Thu Feb 26 2009)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0


What am I doing wrong?


pix804


sadbulali Tue, 03/03/2009 - 19:40

To enable the PIX Firewall NTP client, enter the following command:

[no] ntp server ip_address [key number] source if_name [prefer]

To enable authentication for NTP messages, enter the following command:

[no] ntp authenticate

[no] ntp authentication-key number md5 value

[no] ntp trusted-key number

The ntp authenticate command enables NTP authentication. If you enter this command, the PIX Firewall will not synchronize to an NTP server unless the server is configured with one of the authentication keys specified using the ntp trusted-key command.
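
Added example, not part of the posts above and not Cisco's code: a Python model of the NTP symmetric-key MAC (a 4-byte key ID followed by an MD5 digest over the key and the packet header), showing that a client with authentication enabled only gets a usable reply when the server holds the same key under the same key ID. The key values, function names and the simplified server behaviour are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, MAC_LEN = 48, 4 + 16  # NTP header; MAC = key ID + MD5 digest

def ntp_header(mode, version=3):
    # Constructed sample header: only LI/VN/Mode is set, all other fields zero
    return struct.pack("!B", (version << 3) | mode) + bytes(HEADER_LEN - 1)

def add_mac(header, key_id, key):
    # Symmetric-key MAC: 4-byte key ID, then MD5 over key followed by header
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify_mac(packet, keys):
    # Return the key ID when the MAC verifies under a key in `keys`, else None
    if len(packet) != HEADER_LEN + MAC_LEN:
        return None  # no MAC present: unauthenticated packet
    header, digest = packet[:HEADER_LEN], packet[HEADER_LEN + 4:]
    key_id = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0]
    key = keys.get(key_id)
    if key is None:
        return None  # key ID not configured on this side
    expected = hashlib.md5(key + header).digest()
    return key_id if hmac.compare_digest(expected, digest) else None

def server_reply(request, server_keys):
    # Simplified server model (assumption): it signs the reply only when the
    # request verifies under a key it holds, otherwise replies without a MAC
    key_id = verify_mac(request, server_keys)
    reply = ntp_header(mode=4)
    return reply if key_id is None else add_mac(reply, key_id, server_keys[key_id])

def client_syncs(client_keys, key_id, server_keys):
    # Client with authentication enabled: uses a reply only if its MAC
    # verifies under one of the client's own trusted keys
    request = add_mac(ntp_header(mode=3), key_id, client_keys[key_id])
    reply = server_reply(request, server_keys)
    return verify_mac(reply, client_keys) is not None

if __name__ == "__main__":
    client = {1: b"constructed-key-AAAA"}  # constructed sample key
    print(client_syncs(client, 1, {1: b"constructed-key-AAAA"}))  # shared key
    print(client_syncs(client, 1, {}))                            # server holds no key
    print(client_syncs(client, 1, {1: b"constructed-key-BBBB"}))  # keys differ
```
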


nlariguet Tue, 03/03/2009 - 20:19

And WHAT is the difference from what I posted:


ntp authenticate

ntp authentication-key 1 md5 *

ntp trusted-key 1

ntp server server-ntp-USNO key 1 source outside prefer


to what you're saying:


[no] ntp authenticate

[no] ntp authentication-key number md5 value

[no] ntp trusted-key number


?
