Cisco ASA - How to configure NTP. [TESTED]

It’s impossible to configure FQDN as NTP server, IP address only. So, we need to know IP address of 0.pool.ntp.org. Why if we have no access to nslookup available on local PC to resolve hostname to IP address?

• Enabling DNS:

conf t
 dns domain-lookup outside
 dns name-server 8.8.8.8

• Resolving to the IP address:

ASA# ping 0.pool.ntp.org
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.9.136.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 90/94/100 ms
ASA#
ASA# show dns-hosts

Host                     Flags      Age Type   Address(es)
0.pool.ntp.org           (temp, OK) 0    IP    66.228.42.59  71.162.208.227
                                               74.120.8.2  174.46.133.243
ASA#

• Configuring TimeZone and NTP:

conf t
 clock timezone MSK +3
 clock summer-time MSD recurring
 ntp server 66.228.42.59 prefer
 ntp server 71.162.208.227

• Checking:

ASA# show clock
00:07:28.599 MSK Sun Jan 4 2015
ASA#
ASA# sh run ntp
ntp server 66.228.42.59 prefer
ntp server 71.162.208.227
ASA#
ASA# show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~69.55.54.17      209.51.161.238    2     4    64  377    85.8  -31.05    18.5
+~69.50.219.51     66.228.59.187     3    18    64  377    67.9  -35.96    17.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
ASA#

• Note that initial time synchronization process takes time (2 minutes or so) and you can’t make it faster (no any parameters available in ASA CLI).

Admin area