Wireless router and NTP access

I have a Cisco E4200 Wireless router set up on our network to temporarily allow guest access. I configured the router for NTP and specified the NTP servers that I want the router to poll. Now when I look at our firewall I see traffic from the guest network from the router to multiple NTP servers over port 123.

If I specified the NTP servers to be used why would there be additional requests from my router to additional NTP servers?

Thanks.
snowmizer Asked:
 
Soulja Commented:
I bet it has its own servers that are coded in it to use. Cisco doesn't seem to say much about it for this model.

Soulja Commented:
What leads you to believe it's sending additional requests? Is it trying to contact IPs or DNS names you didn't specify?

snowmizer (Author) Commented:
Yep. I see traffic in my firewall logs with my router as the source and various NTP servers as the destination. All traffic is on udp port 123.
 
Papertrip Commented:
Are the NTP servers you put in there using round-robin DNS?

snowmizer (Author) Commented:
I can't tell that because the NTP servers I am using are public NTP servers. How could round-robin DNS affect which NTP servers my router is accessing? Are you thinking that DNS is returning multiple NTP servers because of round-robin DNS? I've got the actual IP address configured in my NTP settings on my router so would round-robin DNS still play a role in this case?

Thanks.

Papertrip Commented:
Round-robin DNS would definitely produce the results you see. If you have a hostname that resolves to 5 IPs, then you will hit different servers instead of just the same one over and over.

However!  If you have the IP addresses in your settings, then round-robin dns becomes a non-issue.

What do the log excerpts look like?  Paste if possible.

snowmizer (Author) Commented:
Sample logs (changes have been made to protect sensitive data):

Sep 08 2011 12:46:17 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34205 dst outinterface173.201.38.85/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:46:12 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34204 dst outinterface209.114.111.1/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:36 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34203 dst outinterface169.229.70.95/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:31 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34202 dst outinterface199.249.223.123/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:26 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34201 dst outinterface173.201.38.85/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:44:50 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34200 dst outinterface199.249.223.123/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:44:45 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34199 dst outinterface24.149.253.214/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:44:40 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34198 dst outinterface69.167.160.102/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:43:20 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34194 dst outinterface24.149.253.214/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:43:15 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34193 dst outinterface69.167.160.102/123 by access-group "Guests_Network_ACL" [0x0, 0x0]

Soulja Commented:
If it's trying to hit those IP addresses then there still must be a setting enabled in addition to your server.

Soulja Commented:
Can you post a screen shot of where you are configuring this on the router? I do know that many SOHO routers only allow NTP through their WAN ports. The servers you configured are on the LAN or WAN?

snowmizer (Author) Commented:
Hummm...I may have to pull the router and look at the config again. Is it possible for it to just use its own "default NTP" servers?

snowmizer (Author) Commented:
They are public NTP servers on the Internet...so WAN. I don't have access to the router currently because it's not plugged in. We only plug it in when we need it.

snowmizer (Author) Commented:
That's kind of where I was at....once you enable NTP it will try to go out and access the list it has no matter if you put in IP addresses or not. If I look for the addresses I put in the config I don't see any traffic from the router to my NTP IPs. So basically it's pointless to put in an IP in this case. :)

I had just set the firewall rules to allow only traffic from this router to this particular IP over ntp but may have to rethink that.

Thanks.

Soulja Commented:
Yeah, you may just need to allow from that router to one or two of the ntps it's trying to hit.

snowmizer (Author) Commented:
Thanks for all of the help. We decided how we were going to handle NTP from this router and have moved on.
Question has a verified solution.
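
The comparison the thread ends up making by hand (which NTP destinations the router actually tries versus the ones configured), as an added example that is not part of the original posts: it parses ASA 106023 deny lines in the form posted above. `CONFIGURED_NTP` is a placeholder because the thread never lists the configured servers, and the function name is hypothetical.

```python
import re
from collections import Counter

# ASA 106023 deny line as posted in the thread. The poster's sanitising
# removed the ":" between the egress interface and the destination IP,
# so the colon is optional here.
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>[\w-]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[A-Za-z_][\w-]*?):?"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

# Assumption: placeholder for the servers entered on the router; the
# thread never lists them. 192.0.2.10 is a documentation address.
CONFIGURED_NTP = {"192.0.2.10"}

# Five of the log lines from the thread, copied as posted.
SAMPLE_LOG = """\
Sep 08 2011 12:46:17 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34205 dst outinterface173.201.38.85/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:46:12 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34204 dst outinterface209.114.111.1/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:36 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34203 dst outinterface169.229.70.95/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:31 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34202 dst outinterface199.249.223.123/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
Sep 08 2011 12:45:26 DevName : %ASA-4-106023: Deny udp src Guests_Network:192.168.x.x/34201 dst outinterface173.201.38.85/123 by access-group "Guests_Network_ACL" [0x0, 0x0]
"""

def audit_ntp_denies(lines, configured=CONFIGURED_NTP):
    """Return (unexpected Counter, configured servers hit) for denied udp/123."""
    unexpected, configured_hit = Counter(), set()
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m["proto"] != "udp" or m["dst_port"] != "123":
            continue  # not a denied NTP flow
        if m["dst_ip"] in configured:
            configured_hit.add(m["dst_ip"])
        else:
            unexpected[m["dst_ip"]] += 1
    return unexpected, configured_hit

if __name__ == "__main__":
    unexpected, hit = audit_ntp_denies(SAMPLE_LOG.splitlines())
    for ip, n in unexpected.most_common():
        print(f"{n:3d} denied NTP request(s) to unconfigured server {ip}")
    print("configured servers seen in denies:", sorted(hit) or "none")
```

An empty second result alongside a populated first one matches what the author reports: the router never tries the configured addresses and only queries servers outside that list.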
