Cisco ASA Clock Configuration

The Cisco ASA firewall has a battery on the motherboard that saves the clock settings. Even when it’s is powered off, the clock will be stored. There are two important reasons why you want to make sure that your ASA has the correct date/time:

  • In case of a security breach you want to track log files for events. With an incorrect timestamp, your log files are useless.
  • PKI (Public Key Infrastructure) that we use for digital certificates to authenticate remote users (IPSEC or SSL VPN) requires the correct date/time.

The most simple method is to configure the date/time manually, you can do it like this:

ASA1(config)# clock set 13:15:00 Dec 19 2014

Just use the clock set command and enter the correct time/date. You can verify it like this:

ASA1# show clock
13:15:15.709 UTC Fri Dec 19 2014

As you can see, the default timezone is UTC. If you are in another timezone like me then you have to change this:

ASA1(config)# clock timezone CET +1

Use the clock timezone command to change the timezone. You can pick whatever name you want for the timezone but you have to specify the offset from UTC. CET is 1 hour ahead of UTC so that’s why I configured +1.

Here in the Netherlands (and most of central Europe) we use summertime, it’s called CEST (Central Europe Summer Time) and we have to tell the ASA when it starts and ends:

ASA1(config)# clock summer-time CEST recurring last Sun Mar 02:00 last Sun Oct 03:00

Summertime starts at the last sunday in march at 02:00 and ends on the last sunday in October, 03:00.

Instead of configuring the clock manually, it’s better to use a external NTP server to keep your clock synchronized. You can configure the NTP client on the ASA like this:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

505 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Ask a question or start a discussion by visiting our Community Forum