NTP traffic uses UDP port 123, and it must be permitted through the network firewall for clients to synchronize with the NTP server.
- If no specific rule is configured for outbound traffic, NTP traffic is allowed by default from security level 100 to security level 0.
- If a specific access-list is applied to outbound traffic, NTP must be explicitly permitted in it.
Refer to the diagram below to understand the access rules:
Run the command below on the ASA to check whether an access-group is applied to the interface for outbound traffic:
ASAINB# show run access-group
Define the access-list below on the ASA (in configuration mode) to allow NTP traffic:
1. To allow NTP traffic from all clients to outside:
ASAINB(config)# access-list outbound extended permit udp any any eq 123
* In the command above, the keyword ntp can be used instead of 123.
2. To allow NTP traffic from local clients to a specific NTP server only:
ASAINB(config)# access-list outbound extended permit udp any host 209.164.1.55 eq 123
* In the command above, the keyword ntp can be used instead of 123.
After this, apply the access-list to the interface with the command below:
ASAINB(config)# access-group outbound in interface inside
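To verify the result of the steps above without logging on to the firewall, the following added Python script (not from the original page and not a Cisco tool) evaluates the NTP flow the same way the ASA does: it reads the output of "show run access-group" and the relevant "access-list" lines, finds the ACL bound inbound on the inside interface, and walks the entries in order, first match wins, with an implicit deny at the end. The device output embedded below is constructed sample data; the IP addresses 10.1.1.5, 10.1.2.0/24 and 8.8.8.8 are assumptions for illustration, and only the "any", "host" and "network mask" address forms plus the "eq" port operator (with the 123/ntp literal) are handled.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample of "show run access-group" output (not from a real device).
ACCESS_GROUP_OUTPUT = """\
access-group outbound in interface inside
access-group outside_in in interface outside
"""

# Constructed sample of the relevant "show run access-list" lines.
ACCESS_LIST_OUTPUT = """\
access-list outbound extended permit udp any host 209.164.1.55 eq ntp
access-list outbound extended permit udp 10.1.2.0 255.255.255.0 any eq 123
access-list outbound extended deny udp any any eq 123
access-list outbound extended permit tcp any any eq 443
access-list outside_in extended deny ip any any
"""

# Subset of ASA port literals this checker understands.
PORT_NAMES = {"ntp": 123, "domain": 53, "snmp": 161}

# One extended ACE: action, protocol, source, destination, optional "eq <port>".
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any4?|host \S+|\S+ \S+)\s+(?P<dst>any4?|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def bound_acl(access_group_output: str, interface: str, direction: str = "in") -> Optional[str]:
    """Return the ACL name bound to `interface` in `direction`, or None if no access-group exists."""
    for line in access_group_output.splitlines():
        m = re.match(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", line.strip())
        if m and m.group(2) == direction and m.group(3) == interface:
            return m.group(1)
    return None


def _addr_matches(spec: str, addr: str) -> bool:
    """Match an ACE address field ("any", "host X", or "network mask") against an IP."""
    if spec in ("any", "any4"):
        return True
    parts = spec.split()
    if parts[0] == "host":
        return parts[1] == addr
    net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
    return ipaddress.ip_address(addr) in net


def _port_matches(spec: Optional[str], port: int) -> bool:
    """An ACE without "eq" matches every port; otherwise resolve a number or a port literal."""
    if spec is None:
        return True
    if spec.isdigit():
        return int(spec) == port
    return PORT_NAMES.get(spec) == port


def flow_permitted(access_group_output: str, access_list_output: str, src_ip: str, dst_ip: str,
                   proto: str = "udp", dport: int = 123, interface: str = "inside") -> bool:
    """Decide whether a flow entering `interface` is permitted by the ACL applied there.

    Assumes `interface` has a higher security level than the egress interface, so that
    with no access-group applied the ASA default (permit) applies.
    """
    acl = bound_acl(access_group_output, interface, "in")
    if acl is None:
        return True  # no ACL on the interface: higher-to-lower security level traffic is allowed
    for line in access_list_output.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or m.group("acl") != acl:
            continue
        if m.group("proto") not in (proto, "ip"):
            continue
        if not _addr_matches(m.group("src"), src_ip) or not _addr_matches(m.group("dst"), dst_ip):
            continue
        if not _port_matches(m.group("port"), dport):
            continue
        return m.group("action") == "permit"  # first matching entry decides
    return False  # implicit deny at the end of every applied ACL


if __name__ == "__main__":
    print("client 10.1.1.5 -> 209.164.1.55 udp/123:",
          flow_permitted(ACCESS_GROUP_OUTPUT, ACCESS_LIST_OUTPUT, "10.1.1.5", "209.164.1.55"))
    print("client 10.1.1.5 -> 8.8.8.8 udp/123:",
          flow_permitted(ACCESS_GROUP_OUTPUT, ACCESS_LIST_OUTPUT, "10.1.1.5", "8.8.8.8"))
```

Two points the walk makes visible: once "access-group outbound in interface inside" is applied, every flow not explicitly permitted in that ACL is dropped by the implicit deny, so other required outbound traffic must be added to the same list; and the host-scoped entry (step 2) is the tighter choice, since it lets NTP reach only the server you trust while the "any any eq 123" entry (step 1) lets any internal host send UDP/123 to any destination.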