NTP traffic uses UDP port 123, and it must be permitted through the network firewall so that clients can sync with the server.

  1. If no specific rule is configured for outbound traffic, NTP traffic is allowed by default from security level 100 to security level 0.
  2. If a specific access list is defined for outbound traffic, then NTP must be explicitly allowed.

Refer to the diagram below to understand the access rules:

Run the command below on the ASA to check whether any access-group is defined on the interface for outbound traffic.

ASAINB# show run access-group

Define the access list below on the ASA (in global configuration mode) to allow NTP traffic:

1. To allow traffic from all clients to the outside.

ASAINB(config)# access-list outbound extended permit udp any any eq 123

*In the above command, you can also use ntp instead of 123.

2. To allow traffic from the local network to a specific NTP server.

ASAINB(config)# access-list outbound extended permit udp any host 209.164.1.55 eq 123

*In the above command, you can also use ntp instead of 123.

After this, apply the access list to the interface with the command below:

ASAINB(config)# access-group outbound in interface inside
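
To audit a saved configuration against the two rules at the top of this page, the following added example (not from the original article and not a Cisco tool) evaluates whether UDP/123 is permitted inbound on an interface, using first-match order and the implicit deny at the end of an applied access list. It assumes extended ACL entries use only `any`, `host IP` or `network mask` addresses with an optional destination `eq` port; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not from a real device).
SAMPLE = """\
access-list outbound extended permit udp any host 209.164.1.55 eq 123
access-list outbound extended permit tcp any any eq 443
access-group outbound in interface inside
"""

def _take_addr(tok):
    """Pop one address spec (any | host IP | NETWORK MASK) off the token list."""
    head = tok.pop(0)
    if head in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")  # raises on other forms

def ntp_verdict(config, iface, src_ip, dst_ip):
    """Return (allowed, reason) for UDP/123 from src_ip to dst_ip entering iface."""
    bound = re.search(
        rf"^access-group (\S+) in interface {re.escape(iface)}\s*$", config, re.M)
    if not bound:
        # Rule 1 of the article; assumes iface has the higher security level.
        return True, "no access-group bound; security-level default applies"
    acl = bound.group(1)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["access-list", acl, "extended"] or len(tok) < 7:
            continue
        action, proto, rest = tok[3], tok[4], tok[5:]
        if proto not in ("udp", "ip"):
            continue  # entry cannot match UDP traffic
        src_net, dst_net = _take_addr(rest), _take_addr(rest)
        # Only the "eq" operator is handled; no operator means any port.
        port_ok = rest[:1] != ["eq"] or rest[1:2] in (["123"], ["ntp"])
        if src in src_net and dst in dst_net and port_ok:
            return action == "permit", f"first match: {line.strip()}"
    return False, f"implicit deny at end of access-list {acl}"

if __name__ == "__main__":
    for server in ("209.164.1.55", "198.51.100.7"):
        print(server, ntp_verdict(SAMPLE, "inside", "10.1.1.10", server))
```

With the sample above, NTP to 209.164.1.55 is permitted, while NTP to any other server falls through to the implicit deny once the access list is bound to the interface.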