PIX NTP SERVER SETUP - HOW?

pdpmail
Level 1

I want to set up a NTP server on my PIX. I have a Pix 501 with 2 interfaces. The outside i/f connects to a Windows XP machine which has a broadband connection to the Internet. The XP machine itself gets accurate clock signal from a remote atomic clock time source.

What software can I use to set up an NTP time server with this set up?

Thanks

4 Replies

bvanniekerk
Level 1

You can either specify the same atomic clock or if you have a clock source running on the inside (one that is accurate). If you do decide to go outside, you should think of specifying a key so that you are sure you only sync off the specified clock, instead of syncing off a clock source that spoofed the atomic clock IP.

Hope you get sorted.

Thanks for that. Do I need specific NTP server software - or would the Pix just collect time off the PC (or the Internet time source machine) ?

I assume I need some 'server' software element?

If you intend on getting the time from the upstream server, you'll either need to install software on it or enable NTP server on it. Not very familiar with Windows & NTP. Why not specify an outside source with a trusted-key?

The pix can be an NTP client to either an external (Public server) or internal server. To create an internal server:

The NTP server software is open-source and can be downloaded from

http://norloff.org/ntp/

The best way to implement NTP is to use an atomic clock (not very practical at about US$100K) or to use a GPS based clock (Trimble is the GPS clock I know of) http://www.trimble.com/gps/timing1.html. Using an atomic clock or GPS time feed, plus NTP server software creates a stratum 1 clock (the lower the stratum, the closer to a real time source).

However, most of us cannot afford the extra expense. As a result, we use internet feeds, such as those available at

http://www.eecis.udel.edu/~mills/ntp/servers.html

Read the rules of engagement. Something new and interesting is NTP server pooling http://www.pool.ntp.org/ (using DNS round robin to select NTP servers).

Using public NTP servers means we rely on public NTP stratum 1 or 2 servers and our internal server would be a stratum 2 or 3 server. I've not seen md5 checksumming available on public servers (which would be very strange anyway, as md5 is a shared secret type of environment and not a public keying environment and could be faked really easily), so I've generally synced up to between 5-10 NTP servers to an internal server and then sync my network equipment to the internal server. NTP is resistant to change once it syncs, so it has limited anti-spoofing built right in, so I've never worried about that side of things. NTP is a very light app so I've also never worried about CPU, memory or bandwidth utilization in the standard network environments. Of course, hanging a few thousand NTP clients off of the server may change the landscape.

HTH

Terry
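
The keyed check behind the trusted-key suggestion in this thread, and the shared-secret limitation raised in the last reply, shown as an added example (not from the original posters and not Cisco's code). It models NTP symmetric-key authentication as a 32-bit key ID plus MD5(key || header) appended to the 48-byte header; the key value, key IDs and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48           # fixed NTP header; the MAC follows it
MAC_LEN = 4 + 16          # 32-bit key ID + 128-bit MD5 digest

def build_header(stratum, transmit_ts, mode=4, version=3):
    """Minimal 48-byte NTP header; fields not needed for the demo are zero."""
    first = (version << 3) | mode                     # LI=0, VN, Mode
    head = struct.pack("!BBbbII4s", first, stratum, 6, -20, 0, 0, b"\0" * 4)
    return head + struct.pack("!QQQQ", 0, 0, 0, transmit_ts)

def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header): the symmetric-key MAC."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify(packet, trusted_keys):
    """Client side: accept only packets authenticated by a trusted key."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                                  # unauthenticated or malformed
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key = trusted_keys.get(struct.unpack("!I", mac[:4])[0])
    if key is None:
        return False                                  # key ID is not trusted
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])     # constant-time compare

# Constructed sample data: key value and timestamps are made up.
TRUSTED_KEYS = {1: b"constructed-demo-secret"}

def run_cases():
    header = build_header(stratum=1, transmit_ts=0xE8D5C0DE00000000)
    genuine = add_mac(header, 1, TRUSTED_KEYS[1])
    tampered = bytearray(genuine)
    tampered[40] ^= 0x01                              # alter the transmit timestamp
    other_time = build_header(stratum=1, transmit_ts=0x0000000100000000)
    return {
        "genuine": verify(genuine, TRUSTED_KEYS),
        "no_mac": verify(header, TRUSTED_KEYS),
        "wrong_key": verify(add_mac(header, 1, b"not-the-secret"), TRUSTED_KEYS),
        "untrusted_id": verify(add_mac(header, 7, TRUSTED_KEYS[1]), TRUSTED_KEYS),
        "tampered": verify(bytes(tampered), TRUSTED_KEYS),
        # Anyone holding the shared key can authenticate any time value.
        "key_holder_other_time": verify(add_mac(other_time, 1, TRUSTED_KEYS[1]), TRUSTED_KEYS),
    }

if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:24} {'accepted' if accepted else 'rejected'}")
```

The last case is why a key only helps when it is shared with a single server you control or trust: every holder of the secret can produce replies the client accepts.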
