NTP peering with a PIX firewall?

Hello everyone,

I have a couple of routers outside a PIX firewall that need NTP service.

Due to some routing and NAT "issues" I can't get to the real NTP servers.

Is it possible to peer to a PIX firewall (6.3)?

I would use:

switch(config)#ntp peer Pix-IP

Is it possible?

Thanks,

Vlad

1 REPLY

Re: NTP peering with a PIX firewall?

Q: Is it possible to peer to a PIX firewall (6.3)?

A: No, as PIX ver 6.2 or higher allows the PIX Firewall to function as a client for Network Time Protocol (NTP) Version 3.0 servers.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172790.html#wp1035622

Correct me if I am wrong, but you mentioned that the routers are outside the PIX, so they shouldn't have a problem syncing with any external NTP servers, and neither should the PIX itself. But of course, you'll have a problem if you want them to sync with an internal NTP server.

If the routers need to sync with an internal NTP server (internal router, etc.), you need to map the internal router to a public IP, or use the PIX outside interface to redirect NTP data (tcp/udp-123, pref udp 123). Open the ACL and allow the NTP protocol only between the outside routers and the internal NTP server/router.

If the routers are on the internal network, open the ACL and bind it to the inside interface (allow udp 123).

HTH

AK
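
A configuration sketch of the first option in the reply above (static mapping plus an ACL limited to the outside routers), added here as an illustration and not part of the original thread. The addresses are constructed documentation-range values, and the ACL name `acl_out` and the use of a dedicated public address are assumptions.

```text
: ---- PIX 6.3 (comment lines start with ":") ----
: Constructed addresses:
:   10.1.1.10      internal NTP server
:   192.0.2.10     public address mapped to it
:   198.51.100.1   outside router 1
:   198.51.100.2   outside router 2

: One-to-one static mapping of the internal NTP server to a public address
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0

: Permit NTP (UDP 123) only from the two outside routers to the mapped address.
: A broad rule such as "permit udp any host 192.0.2.10 eq 123" would expose
: the server to every outside source and is deliberately not used.
access-list acl_out permit udp host 198.51.100.1 host 192.0.2.10 eq 123
access-list acl_out permit udp host 198.51.100.2 host 192.0.2.10 eq 123
access-group acl_out in interface outside

! ---- IOS, on each outside router ----
! Client/server association with the mapped address, not "ntp peer"
ntp server 192.0.2.10
```

If an access list is already bound to the outside interface, add the two permit lines to that list instead of binding a new one. On the routers, `show ntp associations` confirms whether the server has been selected.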
