New Member

NTP with domain name

Hi,

Is it possible to configure a 3560 in this way without knowing the IP address of the NTP server?

"ntp server ntp.srv.u"

Thanks

4 REPLIES
Hall of Fame Super Silver

Re: NTP with domain name

Hello Xavier,

Yes, it should be possible; see the output from one of my routers (a C6500 with old Sup1A and 12.1E):

ntp server ?
  Hostname or A.B.C.D  IP address of peer
  vrf                  VPN Routing/Forwarding Information

The hostname is an accepted option.

You also need to provide a DNS server for the router to be able to resolve the hostname.

Hope to help

Giuseppe

New Member

Re: NTP with domain name

But my problem is more complex.

There are two different networks separated by a firewall. The NTP server is on the external network, as is the DNS server, and I do not have the possibility of knowing their IP addresses. The network that I am configuring (internal) must go and fetch the time from this address, "ntp.srv.u". The question is: is that feasible?

Hall of Fame Super Silver

Re: NTP with domain name

Hello Xavier,

Your router needs to consult a DNS server, which can be internal.

The firewall has to be configured to allow DNS requests from inside to outside, and the answers.

Then the real problem is that the FW also doesn't know the IP address of the NTP server.

So either you open UDP port 123 with the router as source and any as destination, or you need something similar to CBAC:

the firewall can allow the answer after having seen the first UDP packet from the router to the NTP server (once the NTP IP address is resolved).

Both requirements on UDP traffic (DNS and NTP) can be met by using a firewall.

A firewall permits the return traffic of flows that are started from the most trusted interface towards the less trusted one (inside to outside).

This is the default behaviour with PIX and ASA.

However, if there is an ACL applied inbound on the inside interface, you may need to add lines for DNS and NTP flows to permit them.

So, in short: yes, this is feasible.

Hope to help

Giuseppe
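
The setup described in the reply above, written out as a configuration sketch. This is an added example, not part of the original thread or a configuration posted by either participant. All IP addresses are constructed placeholders, the ACL name INSIDE_IN is hypothetical, and an ASA with an inbound ACL on the inside interface is assumed.

```cisco
! --- Catalyst 3560 (inside network) ---
! 10.0.0.53 = internal DNS resolver (placeholder address)
ip domain-lookup
ip name-server 10.0.0.53
! NTP peer given by name; the switch must be able to resolve it through DNS
ntp server ntp.srv.u
!
! Checks on the switch after the change:
!   show ntp associations
!   show ntp status
!
! --- ASA (between inside and outside) ---
! Needed only if an ACL is applied inbound on the inside interface.
! Return traffic for flows started from inside is permitted statefully,
! so no matching outside-to-inside rule is required.
! 10.0.0.2 = switch management address (placeholder)
!
! NTP: the destination is "any" because the firewall does not know the
! server address either; the source is limited to the switch alone.
access-list INSIDE_IN extended permit udp host 10.0.0.2 any eq ntp
!
! DNS: only the internal resolver is allowed to query outside servers.
access-list INSIDE_IN extended permit udp host 10.0.0.53 any eq domain
!
access-group INSIDE_IN in interface inside
```

Restricting the source to single hosts keeps the rule narrow even though the destination has to stay open; it can be tightened to the resolved server address later if that address becomes known and is stable.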

New Member

Re: NTP with domain name

Thanks, Giuseppe.

If I have another question, I will be back.

Xavier
