NTP Pass through PIX525

amexadmin
Level 1

We have servers which we want to get clocking info from public NTP servers on the net.

How do we configure our firewall to allow NTP traffic to pass through?

1 Reply

Jon Marshall
Hall of Fame

Are you restricting traffic on the inside interface of your PIX?

If so, you will need to allow through requests to an NTP server:

object-group network servers
 network-object host 192.168.5.10
 network-object host 192.168.5.11

object-group network NTP_servers
 network-object host x.x.x.x
 network-object host x.x.x.x

access-list inside_out permit udp object-group servers object-group NTP_servers eq 123

This will allow outbound requests to external NTP servers. The return packets should be allowed in because of the stateful nature of the PIX (pseudo-stateful in terms of UDP).

If you are not restricting outbound access then you shouldn't need to do anything.

Note - the above assumes that you have all your NAT set up correctly.

Jon
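To check what the rule in the reply above actually permits, the following added example (not part of the original post and not Cisco tooling) expands the two object-groups and evaluates the `inside_out` ACL for a given UDP flow, falling through to the implicit deny when nothing matches. The 203.0.113.x addresses are constructed stand-ins for the `x.x.x.x` placeholders, and `parse`, `evaluate` and `PORT_NAMES` are names chosen for this example.

```python
# Added example: expand PIX object-groups and evaluate an ACL for one UDP flow.
# Covers only the syntax in the reply above: "network-object host" members and
# "access-list <name> permit|deny udp object-group <src> object-group <dst> eq <port>".

# Constructed sample; 203.0.113.x stands in for the x.x.x.x placeholders.
SAMPLE_CONFIG = """\
object-group network servers
 network-object host 192.168.5.10
 network-object host 192.168.5.11
object-group network NTP_servers
 network-object host 203.0.113.10
 network-object host 203.0.113.11
access-list inside_out permit udp object-group servers object-group NTP_servers eq 123
"""
PORT_NAMES = {"ntp": 123}  # accept the port written by name as well as by number

def parse(config):
    """Return (groups, rules): group name -> set of hosts, plus ordered ACL rules."""
    groups, rules, current = {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] == ["object-group", "network"] and len(tok) == 3:
            current = groups.setdefault(tok[2], set())
        elif tok[:2] == ["network-object", "host"] and len(tok) == 3 and current is not None:
            current.add(tok[2])
        elif (len(tok) == 10 and tok[0] == "access-list" and tok[3] == "udp"
              and tok[4] == tok[6] == "object-group" and tok[8] == "eq"):
            current = None
            port = PORT_NAMES.get(tok[9]) or int(tok[9])
            rules.append({"acl": tok[1], "action": tok[2], "src": tok[5],
                          "dst": tok[7], "port": port})
    return groups, rules

def evaluate(config, acl, src, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    groups, rules = parse(config)
    for r in rules:
        if (r["acl"] == acl and r["port"] == port
                and src in groups.get(r["src"], ()) and dst in groups.get(r["dst"], ())):
            return r["action"]
    return "deny"

if __name__ == "__main__":
    for flow in [("192.168.5.10", "203.0.113.10", 123),   # listed server to listed NTP host
                 ("192.168.5.12", "203.0.113.10", 123),   # source not in "servers"
                 ("192.168.5.10", "198.51.100.7", 123),   # destination not in "NTP_servers"
                 ("192.168.5.10", "203.0.113.10", 53)]:   # port other than 123
        print(flow, "->", evaluate(SAMPLE_CONFIG, "inside_out", *flow))
```

Only the first flow is permitted; the other three hit the implicit deny, which is the behaviour to expect when outbound NTP is limited to named servers and named time sources.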
