I have an ASA5510 connected to a computer running Windows 7 (the NTP Server) on its "inside" interface.
Using the ASDM, I have configured the ASA5510 to use the Windows 7 computer as its NTP server (my architecture forces me to use a local machine as an NTP server):
-IP address: 220.127.116.11 (the ASA5510 has an IP address of 18.104.22.168)
-Key number: None
-Enable NTP authentication: no.
I have other Windows computers on the "inside" interface using the NTP Server, so NTP traffic is relayed without any problem. But somehow, the ASA5510 is not able to synchronize with the NTP Server.
I see the following log entry:
-Source IP: 22.214.171.124
-Source Port: 123
-Destination IP: 126.96.36.199
-Destination port: 65535
-Description: Teardown UDP connection 3905 for inside: 188.8.131.52/123 to identity: 184.108.40.206/65535 duration 0:02:01 bytes 96
So it seems like the ASA5510 sends a request to the NTP Server, but I am not sure whether the reply doesn't get processed correctly, or the connection stays open too long (my UDP connection timeout is the default, 2 minutes).
I had trouble getting SonicWALL NSA2400s to use Windows 7 devices as NTP servers. I had to get a firmware version where there was no MD5 authentication (which I think is OK in this case), and change a setting in the Windows registry (HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/W32Time/Config/AnnounceFlags: from 0xa to 0x5).
I have turned on all ntp debugging, and run "show ntp status" and "show ntp assoc":
CCG-SHIP-FWL(config)# show debug
debug ntp adjust enabled at level 1
debug ntp authentication enabled at level 1
debug ntp events enabled at level 1
debug ntp packets enabled at level 1
debug ntp params enabled at level 1
debug ntp select enabled at level 1
debug ntp sync enabled at level 1
debug ntp validity enabled at level 1
CCG-SHIP-FWL(config)# show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6
reference time is 00000000.00000000 (06:28:16.000 GMT Thu Feb 7 2036)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec