This lab is following on from part 1 here installing a DHCP server on Ubuntu 18.04. If you haven’t read part 1 yet do that by clicking here – Make sure you watch that part 1st as it covers the IP addressing and connection to the ASA. Because we are using a security platform (the Cisco ASA) one of the fundamental factors is making sure that the time is synchronised across all devices to prevent an attacker from manipulating any time sensitive information. The primary method for doing this is by
using NTP (Network Time Protocol). So let’s take a look at our topology and I’ve highlighted the part that we’ll be using:
Elevate user to have root privileges
First thing we need to do is ensure that we have root access to the box so that we don’t have to keep typing sudo at the beginning of every command:
Update Libraries and Packages
When doing a new installation on Linux platforms, sometimes some of the libraries and packages are not updated – so we’re going take care of that now
Once the libraries and packages have been updated then we can get on with actually installing NTP on our Linux box.
Install & Configure NTP Server
Now we can proceed to start installing our NTP protocol and we type Y and enter when asked to complete the installation.
Then we should be able to confirm if the package has been installed and what version it is.
We can change the default pool of NTP servers by accessing it through accessing the /etc/ directory and then using nano ntp.conf,
but I’m happy using the default pool of NTP servers for now. Let’s see the status of the ntp server:
And that’s it for the NTP installation on Ubuntu 18.04!!
All that’s left is to confirm it by making some configuration changes on a device that needs to receive it’s time by NTP.
Set Cisco ASA to receive NTP from External Source
It would be no good to set up our Ubuntu 18.04 Linux NTP server without actually testing that it works.
So the whole reason that I was testing this was because I created a Cisco ASA Firewall course and as part of the ASA System Management
section was that I needed a NTP server. To test this out I changed the date & time on the ASA so that it was ‘out of sync.’
Then I set the ASA to receive NTP from an external source (the Linux server is connected to the internet to receive its NTP)
and there are no access-lists blocking UDP port 123 (NTP uses UDP port 123).
This will usually takes a few minutes to come up – but keep running the “show ntp status” command and eventually you should see:
And for verification
Nice. Catch you in the next one 😉