
NTP Sync from untrust interface of Cisco VPN Router running IPSec to inside

Hi, I am having problems getting one of my routers to update its clock via NTP.

The problem is as follows:

I have an NTP time server sitting on the inside of my trusted network at Head Office. My router at the remote site connects to the Head Office via a Site-to-Site IPSec tunnel. This router performs NAT hiding internal traffic from the trusted network. Encryption is performed on interesting traffic.

Since I already have an IPSec tunnel from the remote site to the Head Office I have simply created a crypto for the untrusted interface to the subnet the server sits on (note that I also have a crypto/interesting traffic for a subnet in the remote branch to the same subnet where the server sits).

Theoretically this should work but isn't... Any advice on what I may be doing wrong?



Re: NTP Sync from untrust interface of Cisco VPN Router running

Why not source NTP from a trusted interface or loopback?

RTR3725-1(config)#ntp source ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Serial             Serial
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  Vlan               Catalyst Vlans
  XTagATM            Extended Tag ATM interface



Re: NTP Sync from untrust interface of Cisco VPN Router running

Ok, I'll try this and see if it works. Thanks
