Hi,
I have a client that has a PIX facing the internet. Internally, the client has set up a DMZ and has allowed ssh access to a server. This server also needs to sync to three external NTP time sources, but here lies the problem:
The client has added the following rule for NTP:
Does "client" stand for "customer"?
This allows udp communication from any source port to 123 only.
I don't think so because thye rule above includes also ntpq (I rely on what you say about ntpq behavior)
Anyway while trying to mae ntpq work, have alook at PIX logs. If something is denied it will tell you.
Alex
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.