CCNA-CCSP Training – Setting the ASA System Clock

As a CCNA / CCSP candidate you are expected to understand how to set the system clock on your ASA device. Setting the correct time on the security appliance is probably one of the most important configuration steps you will need to take.

The security appliance uses the system clock to time-stamp syslog messages before sending them. The system clock is also checked when VPN tunnels are established using PKI (Public Key Infrastructure): when the VPN peer presents its certificate to the security appliance, the certificate's validity is verified against the system clock, so if the system clock is incorrect the certificate will be considered invalid.

Manual Clock Adjustment

Setting the clock on the security appliance is similar to setting the clock on a Cisco IOS router. Use the "clock set" command to adjust the system clock. When the clock is set, the ASA updates its system BIOS, which is powered by a battery on the motherboard, so the system time does not need to be reconfigured when the ASA is power cycled.

If you want to adjust the system clock via the ASDM, navigate to Configuration > Device Setup > System Time and enter a time zone, date and time.

The ASA shows the time according to the time zone: it keeps the time in Universal Time, Co-ordinated (UTC) and displays it in whichever time zone you have configured.
The ASA also takes daylight saving time (DST) into account, although you can manually override the DST settings by entering either specific date and time settings or recurring date and time settings.

ASA(config)#clock summer-time GMT recurring 30 Thursday Sep 6:00 last Mon Apr 6:00

Automatic Clock Adjustment

The ASA also supports the Network Time Protocol (NTP) to synchronise the system clock to an NTP server. This is the preferred method for many administrators since they no longer have to keep the system clock updated. Using NTP to sync the clocks is very important when using PKI (certificates) to authenticate devices or users.

If you want to set up the system clock to use NTP via the ASDM, navigate to Configuration > Device Setup > System Time > NTP > Add and specify the:

- IP address of the NTP server.
- Preferred server tick box: if two or more servers are specified and are equally accurate, you can have the ASA prefer one.
- Interface out of which the NTP server is sourced.
- Key number and Key Value: the authentication key number and the key itself.
- Trusted key: specifies an authentication key for all configured NTP servers.
- Authenticate: enables authentication.

To verify the NTP status, run the following command:

ASA(config)#show ntp status
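The ASDM fields listed above correspond to the following CLI configuration. This is an added example, not part of the original article; the server address 192.0.2.10, key number 1, the <key-value> placeholder and the interface name "outside" are assumed values.

```text
! Added example: authenticated NTP on the ASA (all values are assumed placeholders)
!
! "Authenticate" tick box: require authentication for NTP
ASA(config)# ntp authenticate
!
! "Key number" and "Key Value": define key 1 and its secret
ASA(config)# ntp authentication-key 1 md5 <key-value>
!
! "Trusted key": mark key 1 as trusted for the configured servers
ASA(config)# ntp trusted-key 1
!
! "IP address", "Interface" and "Preferred": the server, the interface
! used to reach it, and the prefer flag; "key 1" ties it to the key above
ASA(config)# ntp server 192.0.2.10 key 1 source outside prefer
!
! Verify synchronisation and the state of each configured server
ASA(config)# show ntp status
ASA(config)# show ntp associations
```

Check that the first line of the show ntp status output reports the clock as synchronized before relying on certificate validation or syslog time stamps.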

