PDF《ASA/PIX：有和没有 IPSec 隧道的 NTP 配置示例》

20 match address outside_cryptomap_20 crypto map outside_map

20 set peer 10.10.10.1 crypto map outside_map

20 set transform-set ESP-AES-256-SHA crypto map outside_map interface outside isakmp enable outside isakmp policy

10 authentication pre-share isakmp policy

10 encryption aes-256 isakmp policy

10 hash sha isakmp policy

10 group

5 isakmp policy

10 lifetime

86400 tunnel-group 10.10.10.1 type ipsec-l2l tunnel-group 10.10.10.1 ipsec-attributes pre-shared-key * telnet timeout

5 ssh timeout

5 console timeout

0 ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length

512 inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! service-policy global_policy global !--- Define the NTP server autentication-key,Trusted-key !--- and the NTP server address for configuring NTP. ntp authentication- key

1 md5 * ntp trusted-key

1 !--- The NTP server source is to be mentioned as outside for ASA2. ntp server 172.22.1.161 key

1 source outside Cryptochecksum:d5e2ee898f5e8bd28e6f027aeed7f41b : end ASA# 验证 本部分提供的信息可帮助您确认您的配置是否可正常运行. 命令输出解释程序工具(仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令 输出的分析. show ntp........