The normal trick is to create two machines as NTP stratum 2 or 3 servers.
The rest of the machines serve off these two machines (for stability and
From a traffic point of view it would be better to have the servers inside
your firewall, though NTP traffic is pretty low after the system stabilises.
I assume that your link is not a dial-up.
I think Doug answers the question of whether you can run it through plug-gw
>NTP is a UDP-based service, so you can't plug-gw it. The usual
>procedure is to run an NTP daemon on the bastion host, and sync it to
>as many low-stratum servers as possible. Have the internal clients
>sync either directly to the bastion host or to internal higher-stratum
Of course this reduces your redundancy as there is only one server now
instead of two.
If you allow a rule of <internal> to <fw> on UDP 123 and <fw> to <anywhere>
on UDP 123 it should work.
There is a Garmin GPS plug-in for a Cisco server that I know of - but your
best source of specific info on these types of things is on
Personally I would use an internal primary server synced from GPS or a
radio clock - have a look at http://www.eecis.udel.edu/~ntp/ though they
appear to be down at the moment.
Bret Watson & Associates, Computer Security Consultants
Phone: +61 41 4411 149 (local time UTC +8)
Fax: +61 8 9454 6042
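
The two-rule policy from the message above, modelled as an added example (not part of the original post) to show which NTP flows it permits and which stay denied. The addresses, the client source port and the assumption that the firewall tracks UDP replies are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions; the post gives only <internal>, <fw>, <anywhere>)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
FW = ipaddress.ip_network("192.0.2.1/32")      # bastion host / firewall
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int

# The two UDP rules proposed in the post
RULES = [Rule(INTERNAL, FW, 123), Rule(FW, ANYWHERE, 123)]

class UdpFilter:
    """Default-deny UDP filter that also passes replies to permitted flows."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # (src, sport, dst, dport) of permitted requests

    def check(self, src, sport, dst, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (d, dport, s, sport) in self.flows:      # reply to a tracked flow
            return "allow-reply"
        for r in self.rules:
            if dport == r.dport and s in r.src and d in r.dst:
                self.flows.add((s, sport, d, dport))
                return "allow"
        return "deny"

def demo():
    f = UdpFilter(RULES)
    packets = [  # constructed sample traffic
        ("10.1.2.3", 40123, "192.0.2.1", 123),     # internal client -> bastion
        ("192.0.2.1", 123, "10.1.2.3", 40123),     # bastion's answer
        ("192.0.2.1", 123, "198.51.100.7", 123),   # bastion -> upstream server
        ("198.51.100.7", 123, "192.0.2.1", 123),   # upstream's answer
        ("10.1.2.3", 40123, "198.51.100.7", 123),  # client bypassing the bastion
        ("203.0.113.9", 123, "192.0.2.1", 123),    # unsolicited inbound NTP
    ]
    return [f.check(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

On a filter that does not track replies, the second and fourth packets in this model would be denied and would need explicit return rules.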