The PIX doesn't support NTP (either to poll from or server). You'll want to
have your external router polling a few outside sources, and have it provide
clock for the inside. NTP uses udp/123, so if you right a tight firewall
that's what you have to open up to that outside router. Also, lower end
IOS/older routers don't support the full NTP protocol, but often do support
SNTP.
I'd also suggestion setting your logging to use localtime, and establishing
your timezone:
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
clock timezone PST -8
clock summer-time PDT recurring
! full NTP support
ntp master
ntp server 63.192.96.2
ntp server 63.172.195.4
ntp server 132.239.254.5
I suggest first setting the servers, then make sure that you can sync, and
then set the master (otherwise it may sync with itself if the others don't
work, but say "syncronized" even though it isn't sync'd to anything
external). Check it out with:
show ntp associations
show ntp status
! sntp only server:
sntp server 63.192.96.2
sntp server 63.172.195.4
sntp server 132.239.254.5
>From here you only get:
show sntp
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""EA Louie"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ntp server a.b.c.d ! where a.b.c.d is your external clock source
> ntp source ethernet0 ! where ethernet0 is the interface that you use to
feed
> time to the rest of the network
>
> It automatically generates ntp clock-period.
>
> I don't remember the PIX supporting even taking time from an NTP server,
> much less being an NTP Master
>
> -e-
> ----- Original Message -----
> From: "Michael Snyder"
> To:
> Sent: Monday, April 16, 2001 9:40 AM
> Subject: NTP Server/Master (Sample Config?) [7:789]
>
>
> > I need to setup a 3600 to update it's clock, then supply it's time to
the
> > rest of a internal network.
> >
> > I've seen this in done in about 4 lines, but can't find it now on CCO.
> >
> > Anyone have a sample config they can post?
> >
> >
> >
> > Second question, Can a pix be a NTP Master/Server?
> >
> >
> > Thanks in advance,
> >
> > --
> > Michael Snyder
> > NOC Engineer
> > CCNP-Security, MCSE,CCDP,CCIE-Written
> > [EMAIL PROTECTED]
> > ICQ#17424414
> >
> > WAMS
> > 273 E. Hacienda Ave
> > Campbell, CA 95008
> > (408) 341-1530
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=824&t=789
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
