We are using a Windows based server as the NTP server. However in order to configure NTP on the AIP-SSM, I need the NTP key ID and the NTP key value. How do one find that information or bypass it? Or is there a way to set the clock without using an NTP server. I disabled the NTP function hoping that it will use the firewall clock but it didn't.
Without NTP configuration, the SSM Should sync it's clock to that of the ASA.
Keep in mind though that the SSM will sync it's GMT time with the GMT time of the ASA so as to avoid any affect of timezones.
If both devices are configured for GMT, or both are configured with the same timezone (and same offset - you have to manually set the offset)
Then both devices will show the same time.
BUT if each device is configured for a different timezone and different offsets, then their times will look different. But if you convert their times back to GMT you should find that they should be in sync.
Understand, however, that the syncing of it's time to the ASA is not a constant syncing process (unlike NTP which is). So the ASA and SSM can drift apart over long periods of time.
So NTP is still the recommended method.
If you can't get the windows based ntp server to work, then try a Cisco Router:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...