Introduction
In this case, the best approach is to set up a single server (physical or virtual, the same applies) that gives all devices the same date and time, each adjusted for its own time zone, of course.
The best part is that in most cases we already have that server. The best option is probably to use our Active Directory. More precisely, the domain controller that holds the PDC emulator role. This server is responsible for synchronizing the date and time on all computers and servers that are joined to the domain. That server, the domain controller with the PDC emulator role, should in turn be synchronized with an atomic clock on the internet (we'll see how in another tutorial).
Cisco ASA / NTP
The process is very simple. We will use the ntp server command with the following parameters:
ntp server ip-address [e.g. 192.168.1.2] source [interface, e.g. inside]
In this example, our domain controller uses the IP address 192.168.1.2 and the firewall reaches it through the inside interface, so those are the values we pass as the ip-address and source parameters.
We can check the synchronization with our NTP server with the sh running-config ntp command.
We can ask the firewall for its date and time with the sh clock command.
It is quite possible that the clock appears to be correctly synchronized while the displayed time is still wrong. This is due to the time zone defined on the firewall.
To solve that, we set the time zone with the clock timezone command. After that, both the date and the time are correct. The clock timezone command must be accompanied by the number of hours of difference (backwards or forwards) with respect to the Greenwich Meridian. For example, for Argentina, the corresponding value would be -3. With these simple steps we have configured the synchronization of our Cisco ASA 5500 with the NTP service.
Ricardo Quagliano
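The whole procedure described above as one ASA CLI session, added here as an example and not taken from the original article. The address 192.168.1.2, the inside interface and the -3 offset come from the text; the zone label ART is an assumed name, needed because the clock timezone command expects a label before the hour offset.

```cisco
! Added example, not from the original article.
! 192.168.1.2, inside and -3 are the values used in the text.
! ART is an assumed zone label; the ASA uses it only for display.
configure terminal
 ! Synchronize from the PDC emulator, sending requests out the inside interface
 ntp server 192.168.1.2 source inside
 ! Zone label first, then the offset from Greenwich in hours
 clock timezone ART -3
end
! Save the running configuration
write memory
! Check the configured NTP server
show running-config ntp
! Check that the ASA has actually reached and selected the server
show ntp associations
show ntp status
! Show local time together with its time source and time zone
show clock detail
```

If show ntp status reports the clock as unsynchronized, the time shown by show clock is still the ASA's own local clock, whatever time zone is set.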