Configuring and Verifying the
Network Time Protocol
It is easy to just set the clock and time on a single PIX firewall, but trying to
set an accurate time and date stamp on multiple Cisco PIX firewalls can be a
serious and time-consuming administration problem. A preferred solution is to use
the Network Time Protocol (NTP). NTP uses servers as the master reference
point, and the NTP client, in this case a PIX firewall, will use the NTP server to
get accurate time. The NTP server gets its own time from a radio source or
atomic clock. The NTP servers listen on UDP port 123 for requests. The Cisco
PIX firewall queries an NTP server and updates its clock. Once NTP is configured
on all the PIX firewalls, all the log files will have consistent and accurate
timestamps.
There are two strata, or classes, of NTP servers. Stratum 1 NTP servers are
directly connected to the time source. Stratum 2 servers are the second level and
consider Stratum 1 servers to be authoritative. Cisco supports only Stratum 2
servers.
You can get the time from public Stratum 2 servers on the Internet or you can
configure your own NTP server on the LAN or WAN. A quick search for public
NTP servers on the Internet reveals many public NTP Stratum 2 servers that
you can use. To enable the Cisco PIX Firewall NTP client, use the following
command:
ntp server
The ip_address parameter specifies the IP address of the NTP server from
which you want the Cisco PIX to get its time. The interface parameter specifies
the source interface on which the PIX firewall will find the NTP server. To
remove an NTP server, use the following command:
no ntp server
The following example shows this command and how to check the configuration
to make sure the PIX is talking with the timeserver correctly using the
show ntp status and show ntp associations commands:
www.syngress.com
Configuring System Administration • Chapter 6 325
PIX1(config)# ntp server 192.168.1.3 source inside
PIX1(config)# show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9967 Hz, actual freq is 99.9967 Hz, precision is 2**6
reference time is 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)
clock offset is -4.0684 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 15875.02 msec
PIX1(config)# show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.168.1.3      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
You can show the NTP configuration using the show ntp command in Enable
mode. To clear the NTP configuration, all you need to do is enter the clear ntp
command in Configuration mode. That's it; the NTP configuration will be
completely cleared.
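
The following Python sketch is an added example, not part of the original chapter. It parses show ntp status output collected from each firewall and reports why that device's log timestamps should not yet be trusted. The function names, the 100 msec offset limit, and the second (synchronized) sample are assumptions made for illustration.

```python
import re

# The show ntp status output from the PIX1 example in this section.
SAMPLE_STATUS = """\
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9967 Hz, actual freq is 99.9967 Hz, precision is 2**6
reference time is 00000000.00000000 (06:28:16.000 UTC Thu Feb 7 2036)
clock offset is -4.0684 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 15875.02 msec
"""

# Constructed sample: what a synchronized client would report (values invented).
SAMPLE_SYNCED = """\
Clock is synchronized, stratum 3, reference is 192.168.1.3
clock offset is 1.2000 msec, root delay is 20.10 msec
"""

def parse_ntp_status(text):
    """Extract the sync state, stratum and clock offset from 'show ntp status'."""
    head = re.search(r"Clock is (synchronized|unsynchronized), stratum (\d+)", text)
    if not head:
        raise ValueError("not 'show ntp status' output")
    offset = re.search(r"clock offset is (-?\d+(?:\.\d+)?) msec", text)
    return {
        "synchronized": head.group(1) == "synchronized",
        "stratum": int(head.group(2)),
        "offset_msec": float(offset.group(1)) if offset else None,
    }

def timestamp_findings(text, max_offset_msec=100.0):
    """Return reasons this firewall's log timestamps should not be trusted."""
    st = parse_ntp_status(text)
    findings = []
    if not st["synchronized"]:
        findings.append("clock is unsynchronized")
    if st["stratum"] >= 16:  # stratum 16 means no usable time source
        findings.append("stratum 16: no reference clock")
    if st["offset_msec"] is not None and abs(st["offset_msec"]) > max_offset_msec:
        findings.append("offset %.1f msec exceeds limit" % st["offset_msec"])
    return findings

if __name__ == "__main__":
    for name, out in (("PIX1", SAMPLE_STATUS), ("PIX2 (constructed)", SAMPLE_SYNCED)):
        print(name, timestamp_findings(out) or "OK")
```

An empty list means the clock is synchronized and within the chosen offset limit; anything else should be resolved before logs from that firewall are correlated with logs from other devices.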