L4 ASA5520 Firewall act as NTP Server/Client

Similar Messages

• How to sync clock of Cisco ASA 5505 from NTP Server on internet

  Hi there!
  i've setup a site, with cisco ASA 5505. It has public ip also.
  i want to sync the clock of firewall from on ntp server on internet, or with internal domain controller that is inside LAN.
  The firewall has public IP also.
  how can i do this?
  Regards!

  Hello Lasandro,
  This should do it!
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1236530
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• Problem synchronizing windows clients with solaris 10 NTP server

  Hello everyone,
  I realyy need help on the following:
  I tried to synchronize windows 2003 as client with NTP server running in Solaris 10
  My Time Zone in the NTP server is GMT+3, and in my windows is also set to GMT+3
  When I start NTP server and clients , I got 6 hours delay between the clients and the server
  I tried to synchronize the Solaris server with another solaris system, the synchronization is working fine
  Your help
  Regards
  Hakim Fourar

  True (but only for later releases). But since he mentioned getting a 6 hour offset after starting them, that makes me think that the systems are communicating, and that the time zones are incorrect.
  This is easily verified by using 'ntpq -p' and 'date ; date -u'. The first will show if the client thinks it is synchronized to a server (and what the UTC offset is in miliseconds). The second will show the date in the default timezone and in UTC.
  If you're not using POSIX, you'd think that GMT+XX meant east of UTC, but for POSIX, it means west of UTC.
  Darren

• NTP server unreachable through ASA firewall

  Hi all,
  I've configured a DMZ switch to point to an NTP server on on the Inside, but I get a debug message on the switch that says:
  NTP: <NTP server IP address> unreachable
  I'm confident that the NTP server is configured properly, as there are more than a dozen other hosts using it, successfully. The difficulty here is that the NTP packets are having to flow from the DMZ to the Inside. I have a rule set on the firewall that permits the IP address of the switch to connect to the IP address of the NTP server as follows:
  access-list intdmz1_acl extended permit udp host <IP address of switch> host <IP address of NTP server> eq ntp
  I can see the hit counter on this rule incrementing.
  The firewall can ping the NTP server, and the NTP server can ping the switch, so I think routing is OK.
  Output from the DMZ switch:
  switch#show ntp associations
        address         ref clock     st  when  poll reach  delay  offset    disp
  ~192.168.65.254   0.0.0.0          16     -    64    0     0.0    0.00  16000.
  * master (synced), # master (unsynced), + selected, - candidate, ~ configured
  switch#show ntp status
  Clock is unsynchronized, stratum 16, no reference clock
  nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
  reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
  clock offset is 0.0000 msec, root delay is 0.00 msec
  root dispersion is 0.00 msec, peer dispersion is 0.00 msec
  PRNLN-DMZ-SW01#sh run | inc ntp
  ntp source Vlan138
  ntp server 192.168.65.254
  ukhvdc00vs01#sh run | inc ntp
  ntp source Vlan65
  ntp master 3
  ntp update-calendar
  ntp server 0.uk.pool.ntp.org
  ntp server 1.uk.pool.ntp.org
  PRNLN-DMZ-SW01#show ntp status
  Clock is unsynchronized, stratum 16, no reference clock
  nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
  reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
  clock offset is 0.0000 msec, root delay is 0.00 msec
  root dispersion is 0.00 msec, peer dispersion is 0.00 msec
  Does the firewall rule need to permit more than UDP/123 for this to work perhaps?
  NTPconfig on DMZ switch:
  switch#sh run | inc ntp
  ntp source Vlan138
  ntp server <IP address of NTP server>
  ===================
  NTP config on NTP server:
  NTP_Server#sh run | inc ntp
  ntp source Vlan65
  ntp master 3
  ntp update-calendar
  ntp server 0.uk.pool.ntp.org
  ntp server 1.uk.pool.ntp.org
  Any guidance welcomed.
  Thank you,
  Olly

  Hi Julio,
  Hi Julio,
  For the purposes of this information:
  DMZ switch IP = 5.6.7.8
  NTP server IP = 10.1.1.1
  Here's the output from the show commands:
  ciscoasa# show capture NTPCAPTUREDMZ
  11 packets captured
     1: 16:22:05.271500 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     2: 16:23:09.276185 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     3: 16:24:13.274033 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     4: 16:24:57.272813 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     5: 16:24:58.279480 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     6: 16:24:59.277817 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     7: 16:25:00.275971 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     8: 16:25:01.275559 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
     9: 16:25:02.272599 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    10: 16:25:03.279129 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    11: 16:25:04.277710 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  11 packets shown
  ciscoasa# show capture NTPCAPTUREINSIDE
  0 packet captured
  0 packet shown
  ciscoasa# show capture NTPASP | include 10.1.1.1
  419: 16:24:13.274171 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  1820: 16:24:57.272904 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  1841: 16:24:58.279587 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  1876: 16:24:59.277909 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  1934: 16:25:00.276062 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2027: 16:25:01.275651 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2068: 16:25:02.272690 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2095: 16:25:03.279221 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2129: 16:25:04.277802 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2200: 16:25:05.275849 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2233: 16:25:06.274094 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2275: 16:25:07.273606 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2327: 16:25:08.280182 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2347: 16:25:09.277222 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2373: 16:25:10.275467 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2399: 16:25:11.273759 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  2414: 16:25:12.273347 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
  I'm guessing we should see some packets in the second capture, but we're not...
  Does this help?
  Thanks!
  Olly

• Microsoft Windows Server 2003 as NTP server for IOS clients

  I am trying to synchronize the clock in my switches using a Windows 2003 ntp server. Debugging shows that the switch receives an answer from the server, but will not accept it. Debugging shows "Failed validity tests 20" which I think means "bogus packet received".
  On the server side I have changed the registry key HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion from the default value 10 to 0, found that tip on the web. I also adjusted the switch clock manually so that the difference was less than a minute. Did not help.
  I am currently testing with a 2960G with IOS 12.2(25)SEE3
  Here is the debug output: (ntp events, ntp packets, ntp validity)
  May 14 16:07:25: NTP: xmit packet to <server ip address> :
  May 14 16:07:25: leap 3, mode 3, version 3, stratum 0, ppoll 64
  May 14 16:07:25: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0.0.0.0)
  May 14 16:07:25: ref 00000000.00000000 (01:00:00.000 CET Mon Jan 1 1900)
  May 14 16:07:25: org CBD57216.A8000000 (16:13:42.656 CEST Wed May 14 2008)
  May 14 16:07:25: rec CBD5705D.5075BD5A (16:06:21.314 CEST Wed May 14 2008)
  May 14 16:07:25: xmt CBD5709D.515717A2 (16:07:25.317 CEST Wed May 14 2008)
  May 14 16:07:25: NTP: rcv packet from <server ip address> to <switch ip address> on Vlan5:
  May 14 16:07:25: leap 3, mode 4, version 3, stratum 0, ppoll 64
  May 14 16:07:25: rtdel 0000 (0.000), rtdsp 10400 (1015.625), refid 00000000 (0.0.0.0)
  May 14 16:07:25: ref CBBA0238.40395810 (20:45:12.250 CEST Wed Apr 23 2008)
  May 14 16:07:25: org CBD5709D.515717A2 (16:07:25.317 CEST Wed May 14 2008)
  May 14 16:07:25: rec CBD57256.AC000000 (16:14:46.671 CEST Wed May 14 2008)
  May 14 16:07:25: xmt CBD57256.AC000000 (16:14:46.671 CEST Wed May 14 2008)
  May 14 16:07:25: inp CBD5709D.56C08EFA (16:07:25.338 CEST Wed May 14 2008)
  May 14 16:07:25: NTP: packet from <server ip address> failed validity tests 20
  May 14 16:07:25: Peer/Server Clock unsynchronized

  Nothing much in the switch, just
  clock timezone CET 1
  clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
  ntp server x.x.x.x
  At the Windows 2003 server I changed two registry keys, but I think the first one was not needed.
  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion changed from 10 to 0
  w32tm /config /update
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type="NT5DS"
  Restarted Windows time service
  Note that NT5DS means that this server will get its time from another domain controller in my domain.
  The point is to make sure that time really is synchronized at the server. If you want the server to sync from an external source, consider changing the source to something other than time.windows.com
  net time /querysntp and net time /setsntp
  Vigleik

• CSCum76937 - CUCM Distributed denial-of-service vulnerability on NTP server

  I'd request that the built-in iptables on the CUCM, which we users can't adjust at all, could be autoadjusted by the CUCM itself to remove this DDOS vector, namely by restricting NTP to/from the CUCM only to these hosts:
     the NTP server(s) it talks with, as configured in 'System>Phone NTP Reference'
     the device(s) subscribed to it, who get their time from it.
  why can that not be done?

  thanks, Wes--that response helps to frame the sometime-conflicting tensions between preserving performance and providing security.
  I've been thinking about that, and the really excellent Cymru 'secure NTP template' (see
  http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html)
  , trying to think about what could be done to offer better protection from the NTP attacks with less dynamicness, thinking that it's still important to offer something--all of my CUCMs that are outside firewalls have been attacked and participated in NTP-amplification attacks--and offer these suggestions as to things that the iptables might be leveraged to protect the CUCM, and at least as importantly everyone else FROM the CUCM, in a more static way:
  * turn off control queries TO the CM--these are the vector into the CM that results in the amplification DDOS
  * permit NTP into the CM only from the configured NTP servers the CM is using--yes, that's slightly 'dynamic', but will only occur infrequently and can be discretely done--scale is very small.
  * the remaining really-dynamic part would be "only serve ntp to configured clients", and I can (reluctantly) understand why you push back on that.  but if the first two points could be provided for, particularly the control-query filter which is the vector for at least the present threat, that's a huge improvement now.
  the Cyrmu template under Unix NTP endsystems has some useful suggestions that could be adapted for CUCM iptables:
  (quote from Cyrmu):
  You can use your standard host firewall filtering capabilities to limit who the NTP process talks to.  If you're using Linux and the host is acting as an NTP client only, the following iptables rules could be adapted to shield your NTP listener from unwanted remote hosts.
  -A INPUT -s 0/0 -d 0/0 -p udp --source-port 123:123 -m state --state ESTABLISHED -j ACCEPT
  -A OUTPUT -s 0/0 -d 0/0 -p udp --destination-port 123:123 -m state --state NEW,ESTABLISHED -j
  (end quote)

• "Local" failover for NTP Server on Solaris 10

  I have four Solaris 10 Servers, all syncing their time from an external NTP server ntp.example.com.
  Is it possible to configure one of the four servers as a local "pseudo" Failover NTP, i.e. acting as a client to ntp.example.com, as long as it is available, and acting as a NTP server to the remaining three servers in case ntp.example.com is not available, so that at least the four local servers remain synced among themselves?

  Shouldn't be any problem. For one thing you can always specify multiple servers in the /etc/inet/ntp.conf file and use one of them as 'prefer', i.e.:
  server ntp.example.com prefer
  server local.mydomain.com
  Then again, perhaps it would just be easier if one of your servers syncs against 'ntp.example.com' and the rest of your servers always synchronizes against that one server?
  .7/M.

• NTP server - can't fix it

  Hello,
  I have two 10.6.4 server machines wich I use as NTP server for my clients (both referes to time.europe.apple.com and have flagged NTP under general settings to enable NTP).
  One of them works properly: if on a client i use his FQDN or IP they took istantly the right hour.. the other one is like unseen from clients.
  both of them have the following files configurations:
  /private/etc/ntp.conf
  server time.euro.apple.com
  /private/etc/ntp-restrict.conf
  restrict default kod nomodify notrap nopeer noquery
  restrict -6 default kod nomodify notrap nopeer noquery
  #localhost is unrestricted
  restrict 127.0.0.1
  restrict -6 ::1
  includefile /private/etc/ntp.conf
  I can figure out why one of them works and the other one not..
  Both of them have firewall service off.

  Maybe if you tried to restore your computer back to a month ago or sometime before you had this problem?

• 3750 stack won't sync with NTP server

  Any help greatly appreciated with this one - I can't for the life of me figure out what's going wrong here.
  I'm working on a 3750 stack in Singapore (UTC +8) and I'm trying to get it to sync its clock with 3.sg.pool.ntp.org.
  This is the weird part - "sh ntp associations" shows that it is syncing:
    address         ref clock       st   when   poll reach  delay  offset   disp
  *~199.195.193.200 203.117.180.36   2     52     64   377 80.936 -13895.  1.771
  * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
  And "sh ntp associations de" shows that it's happy:
  199.195.193.200 configured, our_master, sane, valid, stratum 2
  ref ID 203.117.180.36, time D691F63E.C4B691CD (17:26:22.768 UTC Tue Jan 28 2014)
  our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
  root delay 196.39 msec, root disp 592.71, reach 377, sync dist 944.69
  delay 80.93 msec, offset -13895.2686 msec, dispersion 2.65
  precision 2**20, version 4
  org time D691FA8F.5FF29003 (17:44:47.374 UTC Tue Jan 28 2014)
  rec time D691FA9D.5041E9C7 (17:45:01.313 UTC Tue Jan 28 2014)
  xmt time D691FA9D.3B3524C8 (17:45:01.231 UTC Tue Jan 28 2014)
  filtdelay =    82.20   80.93   82.17   81.49  155.78   81.08   84.67   82.09
  filtoffset = -13897. -13895. -13899. -13900. -13901. -13872. -13876. -13876.
  filterror =     0.00    0.99    1.98    2.94    3.94    4.92    5.87    6.81
  minpoll = 6, maxpoll = 10
  But the clock is stubbornly remaining unsynchronised ("sh ntp st"):
  Clock is unsynchronized, stratum 16, reference is 199.195.193.20
  nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
  reference time is 00000000.00000000 (08:00:00.000 UTC Mon Jan 1 1900)
  clock offset is -13895.2686 msec, root delay is 0.00 msec
  root dispersion is 14.62 msec, peer dispersion is 3.26 msec
  loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
  system poll interval is 64, never updated.
  NTP-relevant config is as follows (no ACLs, outbound UDP 123 allowed on perimeter firewall):
  clock timezone UTC 8 0
  ntp server 3.sg.pool.ntp.org
  I have configured a pair of stacks in Hong Kong for NTP (though that was a couple of months ago and I recall that those were a pain at the time as well) and those are working fine.

  Much to my annoyance, the switch stack is now synchronised.  No  configuration changes were made in the interim; it just looks like it  needed a long time (well over an hour in this case) to start syncing  properly.

• Selection criteria of NTP server

  Hi
  If 4 x NTP servers are configured on cisco router then what is the criteria that which server cisco picks first ? can some one share the selection criteria of NTP servers, same questions for NTP peer.
  Thanks !
  Regards,
  Umair

  Hi,
  "In a common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum, and returns  the message immediately. Information included in the NTP message allows the client to determine the server time with respect to local time and  adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability, as well as select the best server."
  So in other words "Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1."
  You can prefer a server:  ntp server prefer
  You also can peer NTP servers.  If you have two or more peers then the most accurate peer acts as the server and the other peer(s) act as clients.
  Here are some helpful commands:
  show ntp associations
  show ntp status
  debug ntp events
  debug ntp adjust
  debug ntp core
  Note: NTP server functionality is supported starting in Cisco NX-OS Release 5.2.
  Hope this helps.

• My solution for AEBS locking up (NTP server not reachable)

  I'll prefix this by saying that the issue that I found is pretty rare, but easy to fix.
  I had a problem with my Airport Express that would cause all sorts of weird problems. After a couple days, either it wouldn't print, not allow clients to associate, not accept the correct password in the Airport Admin Utility, or not show up in the Airport Admin utility.
  It turns out that I had enabled using a NTP server, but the NTP server wasn't reachable. In my network setup, the airports are in part of the subnet that's firewalled from the internet. The fix was for me to change the NTP server to an internal machine, but turning off NTP would have worked just the same.
  NTP seems to only be used for logging, so turning it off shouldn't affect network performance.
  I haven't had to reset either base stations since.

  Here you go!
  Use the terminal and be a root user and follow the steps bellow:
  cd /etc
  more ntp.conf
  Then include this two lines:
  server 127.127.1.1 prefer
  fudge 127.127.1.1 stratum 3 refid NIST
  After that save and exit. Then checked your ntp using the server admin tool and thats done. Be warn don't mend anything with the system preferences date and time.

• Setting up gateway and firewall in OS X Server 10.3?

  Hi all,
  I have a G4 tower with two working ethernet cards in it that I would like to configure as a gateway and firewall. It has OS X Server 10.3 on it. I have easily found the firewall configuration in the Server Admin intrerface, but I can find nothing about configuring the server to act as a gateway. The only information I have found that is pertinent is related to the Gateway Setup Assistant that comes with OS X Server 10.4, which doesn't exaclty help me. Does anyone have any documentation on configuring OS X Server 10.3 to be a gateway? Thanks.

  Actually, I may have marked this as answered too quickly...
  So I followed the guide at the back of the getting started manual, and set everything up as follows:
  - PCI ethernet card is set up as the connection to the outside world. It is plugged into a switch which connects to a wall jack. In Network under System Preferences, it is set up as the first internet conection to try. It has a static IP address, and is set up to use the organization's DNS servers. It is NOT plugged into the upstream port, but is instead in port #9. The light on the router is on.
  - Built-in wireless is set up to be the internal connection. It is plugged into the upstream slot on anouther switch. It has a static IP address, and is set up to use the organization's DNS servers. The light on the router is on, so it appears there is a connection.
  - A different computer is plugged into the second switch, which a static IP address and to use the organization's DNS servers.
  So basically, unlike in the scenario in the manual, I am not using the OS X Server for DNS, DHCP or NAT services. That should, if anything, simplify it.
  The firewall service is started, and is set to allow all traffic in and out, no problems. Nice and simple to start.
  The server has an okay connection to the outside world via the PCI ethernet card. I can ping other machines and load web pages. I cannot, however, access the machine connected to the router which is connected to the built-in ethernet. Likewise, that machine has no access to either the OS X Server or the outsideworld.
  How does OS X Server decide which ethernet card is to be connected to the outside world, and which is for the internal firewall? Is the confusion possible because I'm connected to two routers?

• W32tm always on "Local CMOS clock" on virtual domain controller - cannot change to NTP server

  The domain controller (Server 2012R2) is hosted on Hyper-V (Server 2012R2). It is a PDC.
  - firewall disabled
  - cleaned up w32tm:
  net stop w32time
  w32tm /unregister
  w32tm /register
  net start w32time
  - applied ifixit from http://support.microsoft.com/kb/816042 to enable external ntp server de.pool.ntp.org
  - disabled
  VMICTimeProvider in registry
  (HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Enabled = 0)
  I can manually query the ntp server de.pool.ntp.org:
  w32tm /stripchart /computer:de.pool.ntp.org /samples:5 /dataonly
  de.pool.ntp.org wird verfolgt [131.188.3.221:123].
  5 Proben werden gesammelt.
  Es ist 24.04.2014 10:07:36.
  10:07:36, +00.0115379s
  10:07:38, -00.0025048s
  10:07:40, -00.0008595s
  10:07:42, -00.0010477s
  10:07:44, -00.0014516s
  But still, w32tm does NOT query the ntp server:
  PS C:\Windows\system32> w32tm /query /source
  Local CMOS clock
  rosch

  Hi rosch,
  Based on your description, please check if disable the "Time synchronization" Integration service. Please refer
  to the following operation.
  In Hyper-V Manager, right click the DC and select “Settings…”.
  In the left panel of Settings, navigate to Integration Services and click it.
  Then in the right panel, please uncheck Time synchronization.
  By the way, please check if can connect to the time server and UDP port was opened for NTP.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• CER 7.1.1 install - no NTP server option

  Trying to install CER 7.1.1.  When I get to the Network Time Protocol Client Configuration window it prompts me to put in an NTP server IP address.  The install never prompts me to configure an NTP server or not.  The install doc says that I should get prompted to choose NTP or not, just like a CUCM install.  Did I do something wrong?  I tried it several times and get the same thing.  I have a Not For Resale disc and this is in a lab.  Is there something special about that disc? I don't want to use NTP but I configured a Win2K3 server to be the NTP server, it's reachable but the install can never connect to it.  Needless to say, I can't finish the install.  Below is what I get.
  Network Time Protocol Client Configuration
  NTP  Server 1  ---------
  NTP Server 2  ---------
  NTP  Server 3 ----------
  NTP  Server 4 ----------
  NTP  Server 5 ----------
  There is no option to choose No NTP.  You either  have to put in an NTP server or you can't move on with the  installation.

  Thanks for the replies.  I was using an installation guide, below, that shows the option to choose NTP or not on step 18.  Is the document wrong then?  In any case, I tried the hacks for Windows, no go.  I tried Linux NTP {Ubuntu], no go.  Otherwise, I just have a voice gateway and a 3524 that doesn't do NTP server.   Any suggestions on getting Linux to work with CER NTP?  Thanks.
  Step 18 On the Network Time Protocol Client Configuration page, you are asked if you want to set up external Network Time Protocol (NTP) servers.
  Note Cisco strongly recommends that you use external NTP servers to ensure that the system time is kept accurate.
  If you click Yes, the system displays a second Network Time Protocol Client Configuration page. In the fields provided, enter the IP address or hostname of the external NTP servers, then click OK. The Database Access Security Configuration page displays. Skip to Step 19.
  If you click No, the Hardware Clock Configuration page appears. Enter the following information:
  • Year [yyyy]
  • Month [mm]
  • Day [dd]
  • Hour [hh]
  • Minute [mm]
  • Second [ss]
  When you have finished entering this information, click OK. The Database Access Security Configuration page appears.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cer/7_0/english/administration/guide/e911inst.html

• Python Server/Client Application Development

  Hey All!
  I am writing a basic proof of concept server/client application for a project I am working on.
  My goal is this:
  1) End user launches client.
  2) Client connects to server.
  3) User selects one or more files to send to server.
  4) Server saves a copy of each file.
  5) Server terminates connection.
  5) Server processes each file.
  6) Upon completion of the processing server sets a "processing completed flag."
  7) Client periodically checks with server for "processing completed flag."
  8) Client securely reconnects
  9) Client downloads processed files.
  I have no background in programming servers/clients so this will be a learning experience for me and the workflow described above may change as I learn more about how this all works. Currently my hope is to first implement a system that will stay connected while the files are processed and once I have a better understanding as to how that works I can add more complexity to the system.
  I will be writing this in Python 3.3 and the server will be hosted on a server which will (for now) be running Arch.
  This thread will act as a sort of development journal but feel free to comment or post suggestions. I will for sure have questions as I go along too!

  brettski wrote:Turns out the best way (so far as I can tell) is to go integer -> string -> byte and then byte -> string -> integer..
  Do you mean regular, non-byte strings? That cannot possibly be the best way to do it. It would be like using Russian as an intermediary language for translating Spanish to French.
  Maybe the following will set you on the right path:
  http://stackoverflow.com/questions/6187 … -in-python
  http://stackoverflow.com/questions/4445 … int-python
  Looking further, this is probably the right way to do it:
  some_int = 57
  bytes = struct.pack('i', bytes)
  sock.send(bytes)
  See http://docs.python.org/3/library/struct.html for details.
  As for threaded servers, you may find some useful examples here.