Hello people!
I am running HP Aruba 2530G with 16.10 firmware and am stuck at configuring ACLs to permit udp/123 for time synchronisation.
My network:
Sophos Firewall is handling routing between VLANs via InterVLAN routing. The 2530G connects to one of the ports on the FW.
The NTP server is located on another VLAN connected to the FW: NTP Server IP Addr 192.168.1.3
- The configuration for the 2530G is as follows.
- Interface 6 connects to the FW (IP Addr: 192.168.100.1 also gateway for the subnet)
- Interface 5 connects to a QNAPNAS. (192.168.100.5)
- Interface 4 connects to another HP Aruba Switch (192.168.100.3)
- Interface 3 - I am on this interface with IP Addr 192.168.100.2)
The 2530G also has 192.168.100.1 configured as the gateway.
I have the following ACL on Interface 6
ip access-list extended "Permit SNTP NTP udp/123 from QNAP to NTP"
10 permit udp 192.168.100.5 0.0.0.0 192.168.1.3 0.0.0.0 eq 123 log
20 permit tcp 192.168.100.5 0.0.0.0 192.168.1.3 0.0.0.0 eq 123 log
exit
Without the ACL, the QNAP NAS was able to connect to the NTP server at 192.168.1.3.
But with the above ACL, SNTP/NTP does not connect.
Am I missing something?