The importance of time should not be under estimated. NTP allows synchronisation of clock information across your network. I am labbing my ASA inside GNS3 and want to set up a router to be the Timekeeper! The idea of this firewall and IDS is to effectively deal with threats. It is paramount that time is synchronized amongst our devices for investigative reasons.
Requirements
- Define NTP server on R1
- Define an NTP key with the number 10
- Set password as Cisco
- Use MD5 encryption
[dropdown_box expand_text=”Lab Answers” show_more=”Show” show_less=”Hide” start=”hide”]
Now let us set the time. I work in AEST due to the fact I live in Melbourne so we need to add +10. Remember to set the Time initially to UTC because we will add our timezone
clock set 1:52:00 28 May 2012 ntp master 2 ntp authentication-key 10 md5 ciscoinferno ntp trusted-key 10clock timezone AEST +10 0 May 28 01:52:50.695: %SYS-6-CLOCKUPDATE: System clock has been updated from 01:52:50 UTC Mon May 28 2012 to 11:52:50 AEST Mon May 28 2012, configured from console by console.
Now that we have defined the source of our time we can set up where the ASA will reference the time! Note that we first define NTP server then the source interface. We them match the authentication keys as requested by the brief. Timezone is also set locally and not passed via NTP.
ntp server 192.168.4.2 source INSIDE ntp authenticate ntp authentication-key 10 md5 ciscoinferno ntp trusted-key 10 clock timezone AEST +10 0
Now it may take a couple of minutes for synchronization to occur. Issue show ntp associations on the ASA.
ASA1# sh ntp association address ref clock st when poll reach delay offset disp *~192.168.4.2 127.127.7.1 2 28 64 377 18.3 -28.06 53.9 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
[/dropdown_box]
But when a device is reloaded in GNS3 the clock setting is lost and it takes a few minutes for ntp resync during which time the clock is mar 2012!