Our current situation: we have a central PIX setup handling multiple VPNs using digital certificates, and that is all working fine.
We now have a branch office wanting to use VPN over DSL, this is setup and working OK, but we have the following problem:
Whenever the 827 is rebooted/loses power, its time resets. This of course poses no end of problems with the certificates when it comes back up again.
I looked into SNTP, but as it comes up about 9 years off the current date, the time taken to drift back is approximately forever. Also I thought about pre-shared keys, but this defeats the whole purpose of the security side, and also we lose the certificate revocation ability.
I was wondering if anyone had any ideas ideally how to make SNTP work better or any other solution that would allow us to use certificates correctly after a power loss.
I'm a little confused about NTP not working properly. If you simply configure NTP on the router and point it to a valid stratum peer, then the clock on the router should be changed very soon after it comes up; it shouldn't need to "drift back". When dealing with certificates, NTP is a necessity; otherwise, as you've seen, you'll run into problems when the routers without battery backups reboot.
It seems it's a problem with our time server here. As I said, it does sync other devices/routers here.
I pointed the 827 at an internet time source and it happily synced away. Point it back to our server and no joy, even though it is actually getting a response back. I believe it has something to do with stratums, peers, etc.
Anyway as long as it works my problem is solved and I can deal with why it didn't work when I have more time. (i.e. never).
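The reply above says the router should set its clock as soon as it hears from a valid stratum peer, and the follow-up notes that the 827 gets a response from the local server yet still will not sync. As an added illustration (not from this thread, and not Cisco or any NTP implementation's code), the Python below decodes an NTP server reply and applies the packet sanity checks that an NTP/SNTP client makes before it lets a reply set the clock (leap indicator, stratum, transmit timestamp, root distance). The three reply packets are constructed inline, not captured; the addresses, times and delays in them are made up.

```python
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_OFFSET = 2208988800
# RFC 5905 MAXDIST: a server whose root distance exceeds this is not usable.
MAX_ROOT_DISTANCE = 1.0


def build_ntp_reply(li, stratum, ref_id, tx_time_unix, root_delay=0.0, root_disp=0.0,
                    version=4, mode=4):
    """Build a 48-byte NTP server reply. Used here only to construct sample
    input; a real client reads these bytes off UDP port 123."""
    first_byte = (li << 6) | (version << 3) | mode
    tx_secs = int(tx_time_unix) + NTP_UNIX_OFFSET
    tx_frac = int((tx_time_unix - int(tx_time_unix)) * (1 << 32))

    def fixed_16_16(x):  # NTP short format: 16-bit seconds, 16-bit fraction
        return int(x * 65536) & 0xFFFFFFFF

    # LI/VN/mode, stratum, poll (2^6 s), precision (2^-20 s)
    header = struct.pack("!BBbb", first_byte, stratum, 6, -20)
    roots = struct.pack("!II", fixed_16_16(root_delay), fixed_16_16(root_disp))
    # Reference, origin and receive timestamps left zero; transmit carries the time.
    timestamps = b"\x00" * 24 + struct.pack("!II", tx_secs, tx_frac)
    return header + roots + ref_id[:4].ljust(4, b"\x00") + timestamps


def parse_ntp_reply(pkt):
    """Decode the fields of an NTP reply that matter for accept/reject."""
    if len(pkt) < 48:
        raise ValueError("NTP packet too short: %d bytes" % len(pkt))
    first_byte, stratum, _poll, _precision = struct.unpack("!BBbb", pkt[:4])
    root_delay, root_disp = struct.unpack("!II", pkt[4:12])
    tx_secs, tx_frac = struct.unpack("!II", pkt[40:48])
    return {
        "li": first_byte >> 6,
        "version": (first_byte >> 3) & 0x7,
        "mode": first_byte & 0x7,
        "stratum": stratum,
        "root_delay": root_delay / 65536.0,
        "root_dispersion": root_disp / 65536.0,
        "ref_id": pkt[12:16],
        "tx_time": (tx_secs - NTP_UNIX_OFFSET) + tx_frac / float(1 << 32),
    }


def reply_usable(f):
    """Packet sanity checks (RFC 4330 / RFC 5905) a client applies before a
    reply may set the clock. Returns (usable, reason)."""
    if f["mode"] != 4:
        return False, "not a server reply (mode %d)" % f["mode"]
    if f["li"] == 3:
        return False, "server says its own clock is unsynchronized (LI=3)"
    if f["stratum"] == 0:
        # An unsynchronized server (stratum 16 internally) sends stratum 0 on the
        # wire; kiss-o'-death replies do the same with an ASCII code in the refid.
        return False, "stratum 0 / kiss-o'-death, refid %r" % f["ref_id"]
    if f["stratum"] >= 16:
        return False, "stratum %d is not a synchronized source" % f["stratum"]
    if f["tx_time"] <= 0:
        return False, "transmit timestamp is zero"
    root_distance = f["root_delay"] / 2.0 + f["root_dispersion"]
    if root_distance > MAX_ROOT_DISTANCE:
        return False, "root distance %.2fs exceeds %.1fs" % (root_distance, MAX_ROOT_DISTANCE)
    return True, "stratum %d reply, root distance %.3fs" % (f["stratum"], root_distance)


# Constructed sample replies (not captured traffic; addresses and times are made up).
SAMPLE_TX_TIME = 1_700_000_000.5
GOOD_REPLY = build_ntp_reply(li=0, stratum=2, ref_id=b"\xc0\x00\x02\x01",  # refid 192.0.2.1
                             tx_time_unix=SAMPLE_TX_TIME, root_delay=0.02, root_disp=0.01)
# What an ntpd-style server that has not synchronized itself answers: LI=3, stratum 0, "INIT".
UNSYNCED_REPLY = build_ntp_reply(li=3, stratum=0, ref_id=b"INIT", tx_time_unix=SAMPLE_TX_TIME)
# A synchronized server whose upstream is far away/unstable: well-formed, but too imprecise.
FAR_REPLY = build_ntp_reply(li=0, stratum=3, ref_id=b"\xc0\x00\x02\x02",
                            tx_time_unix=SAMPLE_TX_TIME, root_delay=0.5, root_disp=1.2)


def check_replies(replies):
    """Return {name: (usable, reason)} for each reply packet."""
    return {name: reply_usable(parse_ntp_reply(pkt)) for name, pkt in replies.items()}


if __name__ == "__main__":
    samples = {"good": GOOD_REPLY, "unsynced": UNSYNCED_REPLY, "far": FAR_REPLY}
    for name, (ok, why) in check_replies(samples).items():
        print("%-8s %s  %s" % (name, "ACCEPT" if ok else "REJECT", why))
```

All three samples are well-formed 48-byte answers, so a packet capture would show the router "getting a response back", yet only the first is one a client will use. A local server that answers but has not synchronized itself (the second case, LI=3 with stratum 0 on the wire) is the usual reason a client keeps polling and never sets its clock; check what the server reports as its own stratum and reference source before blaming the client or the network.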