Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Time server don't receive an answer with time protocol.

Hello,

Well I have a Pix and a Windows server on my protected network.

Since I made the upgrade from windows 2000 to Windows 2003 (SP2), the time server lost his connection with the remote time server.

This transition from Windows 2000 to windows 2003 means indeed a transition from SNTP to NTPv3.

With Whireshark on the unprotected side of the Pix, the NTP pass nicely to the time server but I don't indeed receive an answers anymore from the remote time server.

On the other hand, if I put my Windows 2003 test server on the unprotected side of the Pix, the time server works.

But If I put that test server on the protected side of the pix, it doesn't work anymore.

So does somenone know about a problem of latency, hop of smth that the Pix could induce on a connection (type symetric active) to a remote time server? And maybe, what I could do about it?

Regards,

Laurent.

NB: I attached the whireshart sampling of my ntp request.

2 REPLIES
Cisco Employee

Re: Time server don't receive an answer with time protocol.

I assume you are natting the 192.168.x.x address somewhere before the internet?  You said that this capture is from the unprotected side of the pix so I wonder if you are natting it on another device?

New Member

Re: Time server don't receive an answer with time protocol.

I assume you are natting the 192.168.x.x address somewhere before the internet?

Well, I have 2 levels of nat.

One on the pix with a static nat on the NTP port {static (inside,outside) udp 192.168.53.9 123 192.168.53.9 123 netmask 255.255.255.255 0 0}

And one on the router which is on the unprotected side of the pix.

You said that this capture is from the unprotected side of the pix so I wonder if you are natting it on another device?

The nat is from the server adress to itself (you can read the command before).

Do you think the two consecutives Nat could have scramble the signal?

Anyway thanks for your help.

Regards,

           Laurent

206
Views
0
Helpful
2
Replies
CreatePlease to create content