Connect w/ Internet time-source through PIX 1

[DaveNeubauer]

I'm having trouble connecting to a NTP server on the Internet. My NT PDC is acting as the local time-source for other LAN equipment. The PDC connects to a PIX-515, and the PIX connects to a Cisco router on it's way to an external NTP server. My current config uses access-list commands, but should I consider conduits instead?

Would someone be able to provide the syntax for me? I can't seem to get the access-list command to work properly. Or perhaps some troubleshooting advice would be helpful.

TIA, DAve

 

[yizhar]

HI.

What is your pix OS version?
Do you have PDM on it?

The following links can help you:

http://www.cisco.com/warp/public/707/28.html

http://www.cisco.com/warp/public/110/pix_command_ref.shtml

The pixcript utility can also help you with the syntax of conduit versus access-list:

http://teachers.sivan.co.il/yizhar#pixcript

Do not mix conduit and access-list together as such configuration will be very problematic to manage.

I guess that this sample will do the trick:
static REGISTEREDIP PRIVATEIP
access-list fromoutside permit udp host TIMESERVER host REGISTEREDIP eq 123
access-list fromoutside permit tcp host TIMESERVER host REGISTEREDIP eq 123
access-group fromoutside in interface outside

You can and should use syslog messages for troubleshooting.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar