Great Circle Associates Firewalls
(July 1997)
 


Subject: Re: need suggestion xntpd a security hole ???
From: Bret Watson <Bret . Watson @ bwa . net>
Date: Sun, 06 Jul 1997 14:11:15 +0800
To: Dave Wreski <dave @ nic . com>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . GSO . 3 . 95q . 970705020432 . 8880Q-100000 @ nic . com>
References: <v03020900afe3837a0ee6 @ [134 . 7 . 108 . 34]>

The normal trick is to create two machines as NTP stratum 2 or 3 servers.
The rest of the machines serve off these two machines (for stability and
redundancy).
From a traffic point of view it would be better to have the servers inside
your firewall, though NTP traffic is pretty low after the system stabilises.
I assume that your link is not a dial-up.

I think Doug answers the question of whether you can run it through plug-gw:
>NTP is a UDP-based service, so you can't plug-gw it.  The usual
>procedure is to run an NTP daemon on the bastion host, and sync it to
>as many low-stratum servers as possible.  Have the internal clients
>sync either directly to the bastion host or to internal higher-stratum
>servers.

Of course this reduces your redundancy as there is only one server now
instead of two.
If you allow a rule of <internal> to <fw> on UDP 123 and <fw> to <anywhere>
on UDP 123 it should work.

There is a Garmin GPS plug-in for a Cisco server that I know of - but your
best source of specific info on these types of things is on
comp.protocols.time.ntp

Personally I would use an internal primary server synced from GPS or a
radio clock - have a look at http://www.eecis.udel.edu/~ntp/ though they
appear to be down at the moment.

Cheers,

Bret

Bret Watson & Associates,    Computer Security Consultants
Bret . Watson @ bwa . net          http://www.bwa.net/

Phone: +61 41 4411 149 (local time UTC +8)
Fax:   +61 8 9454 6042
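
The two-rule UDP 123 policy from the message above, modelled as a small packet filter, as an added example that is not part of the original post. The addresses, the single firewall address and the reply tracking for permitted flows are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the post.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
FW = "192.0.2.1"   # assumed single address of the firewall/bastion NTP host
NTP_PORT = 123


class NtpFilter:
    """The post's two UDP 123 rules plus (assumed) reply tracking."""

    def __init__(self):
        self.flows = set()  # permitted requests as (src, sport, dst, dport)

    def _rule(self, src, dst, dport):
        if dport != NTP_PORT:
            return None
        if ipaddress.ip_address(src) in INTERNAL and dst == FW:
            return "internal->fw"
        if src == FW:
            return "fw->anywhere"
        return None

    def check(self, src, sport, dst, dport):
        # A packet that mirrors an already permitted request is its reply.
        if (dst, dport, src, sport) in self.flows:
            return "reply"
        rule = self._rule(src, dst, dport)
        if rule is None:
            return "drop"
        self.flows.add((src, sport, dst, dport))
        return rule


# Constructed sample traffic: (src, sport, dst, dport)
SAMPLES = [
    ("10.1.2.3", 40000, FW, 123),              # internal client asks the firewall
    (FW, 123, "10.1.2.3", 40000),              # firewall answers the client
    (FW, 123, "198.51.100.7", 123),            # firewall polls an upstream server
    ("198.51.100.7", 123, FW, 123),            # upstream answers
    ("10.1.2.3", 40001, "198.51.100.7", 123),  # client bypassing the firewall
    ("203.0.113.9", 123, FW, 123),             # unsolicited packet from outside
    ("203.0.113.9", 123, "10.1.2.3", 123),     # outside host probing an inside host
]


def run_samples():
    f = NtpFilter()
    return [f.check(*pkt) for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

Only the firewall host ever talks NTP to the outside, and inbound UDP 123 is accepted only as the answer to a request the firewall itself sent.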



