but my problem is more complexity.

there are two networks different separated by a firewall. The network where NTP server is external as well as DNS server and I do not have the possibility of knowing their address IP. the network that I configuring(intern) must go to seek hour on this address " ntp.srv.u". Is the question is, that feasible?

Hello Xavier,

your router needs to consult a DNS server that can be internal.

the firewall has to be configured to allow DNS requests from inside to outside and the answers

Then real problem is that also the FW doesn't know the ip address of the NTP server

so or you open all udp port 123 with source the router and destination any or you need something similar to CBAC:

the firewall can allow the answer after having seen the first udp packet from the router to the NTP server (once the ntp ip address is solved)

both requirements on UDP traffic (DNS and NTP) can be met by using a firewall

A firewall permits the return traffic of flows that are started from the most trusted interface to the less trusted (inside to outside)

this is default behaviour with PIX and ASA.

However, if there is an ACL applied inbound to inside you may need to add lines for DNS and NTP flows to permit them.

So saying it shortly, yes this is feasible.

Hope to help

Giuseppe

thanks giuseppe

if i have another question, i will be back.

xavier