Cisco ASA Clock Configuration

The Cisco ASA firewall has a battery on the motherboard that saves the clock settings. Even when it’s is powered off, the clock will be stored. There are two important reasons why you want to make sure that your ASA has the correct date/time:

  • In case of a security breach you want to track log files for events. With an incorrect timestamp, your log files are useless.
  • PKI (Public Key Infrastructure) that we use for digital certificates to authenticate remote users (IPSEC or SSL VPN) requires the correct date/time.

The most simple method is to configure the date/time manually, you can do it like this:

ASA1(config)# clock set 13:15:00 Dec 19 2014

Just use the clock set command and enter the correct time/date. You can verify it like this:

ASA1# show clock
13:15:15.709 UTC Fri Dec 19 2014

As you can see, the default timezone is UTC. If you are in another timezone like me then you have to change this:

ASA1(config)# clock timezone CET +1

Use the clock timezone command to change the timezone. You can pick whatever name you want for the timezone but you have to specify the offset from UTC. CET is 1 hour ahead of UTC so that’s why I configured +1.

Here in the Netherlands (and most of central Europe) we use summertime, it’s called CEST (Central Europe Summer Time) and we have to tell the ASA when it starts and ends:

ASA1(config)# clock summer-time CEST recurring last Sun Mar 02:00 last Sun Oct 03:00

Summertime starts at the last sunday in march at 02:00 and ends on the last sunday in October, 03:00.

Instead of configuring the clock manually, it’s better to use a external NTP server to keep your clock synchronized. You can configure the NTP client on the ASA like this:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 800 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
535 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene,

    How would you set the clock timezone and daylight savings information for pacific standard time. Could you show an example of that please?

  2. Hello Daniel

    You can achieve this with the following commands:

    ASA1(config)# clock timezone PST

    By default, daylight savings time is automatically adjusted with a recurring date range is from 2:00 AM on the second Sunday in March to 2:00 AM on the first Sunday in November. Some regions of the world change ad different times. You can change when daylight savings time will begin and when it will end using a command similar to the following:

    ASA1(config)# clock summer-time PDT 1 April 2022 2:00 60

    This will cause daylight savings time to begin on April 1st 2022,

    ... Continue reading in our forum

Ask a question or join the discussion by visiting our Community Forum