The Network Time Protocol (NTP) allows network appliances to take the current time from a configured NTP server; the NTP server itself has to synchronize its clock against a higher-level (stratum) server, available as a public service on the internet.
NTP runs over UDP, and the server listens on the well-known port 123 for incoming requests from NTP clients.
Most network appliances also run their NTP clients on port UDP/123, establishing a symmetric communication with the server: both the source port and the destination port are 123.
That's why many network administrators configure their firewalls to allow symmetric NTP traffic only.
Consequently, NTP packets coming from a UDP source port other than 123 could be dropped.
If your Ulisse is experiencing problems synchronizing with the NTP server, check whether a firewall in the path is dropping the NTP packets.
Cisco extended access lists should match on the destination port:
permit udp any host <NTP Server> eq ntp
If your NTP Server is running on a Windows Server, check if the firewall is properly configured following the path:
Control Panel - Windows Firewall - Allow a program through W.F. - Add Port - UDP/123
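To check whether a firewall in the path enforces the symmetric-port rule described above, the following added example (not part of the original article) sends one NTP client request from source port 123 and one from an ephemeral source port and reports which of them gets a reply. The function names are this example's own, and the server address is passed on the command line.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request():
    """48-byte client request: LI=0, VN=4, Mode=3 (client) -> first byte 0x23."""
    return bytes([(4 << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, unix_time) from a reply, or None if it is too short."""
    if len(data) < 48:
        return None
    seconds, fraction = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[0] & 0x07, data[1], seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def probe(server, source_port, server_port=NTP_PORT, timeout=3.0):
    """Send one request from source_port (0 = ephemeral); parsed reply or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("", source_port))         # port 123 needs root/admin and no local NTP daemon
        sock.connect((server, server_port))  # only accept replies from this server
        sock.send(build_request())
        try:
            return parse_reply(sock.recv(512))
        except OSError:                      # timeout or ICMP port unreachable
            return None

if __name__ == "__main__":
    server = sys.argv[1]  # address of the NTP server to test
    for label, port in (("source port 123", NTP_PORT), ("ephemeral source port", 0)):
        try:
            reply = probe(server, port)
        except OSError as exc:               # bind, name resolution or send failed
            print(f"{label}: socket error ({exc})")
            continue
        if reply is None:
            print(f"{label}: no reply (dropped on the path or server unreachable)")
        else:
            mode, stratum, when = reply
            print(f"{label}: reply mode={mode} stratum={stratum} time={when:.3f}")
```

A reply on source port 123 but none on the ephemeral port indicates that a device in the path only passes symmetric NTP traffic.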