Cisco Cisco IOS Software Release 12.4(23)

By default, all audit records are not stamped with the time and date, which are generated from the system 
clock when an event occurs. 

The Common Criteria evaluated Cisco IOS IPSec requires that the time-stamp feature be enabled on your 
Cisco IOS router. To enable the time stamp of audit events, use the service timestamps log datetime 
command.

To ensure that the timestamps option is meaningful, the system clock in your router must be set 
correctly. (See the following section, “

,” for more information.)

To provide accurate time stamps for logging and to ensure that your router can process validity dates for 
digital certificates, the system clock must be set. Some models of Cisco IOS routers have real-time 
clocks that maintain real time when the router is powered down; these real-time clocks are used to 
initialize the system clock at startup. Other models of Cisco IOS routers do not have a real-time clock 
and must obtain the correct date and time from a reliable time source using the NTP. One example of a 
reliable time source is a Cisco IOS router with a real-time clock operating as an NTP Server. 

 

lists router clock functions for use with Cisco IOS IPSec.

 lists the hardware versions of IPSec VPN modules.

Cisco 800 series

No

NTP client

The chapter “Performing Basic System 
Management” (fcf012.pdf) in the part 
“System and Network Management” of the

 

Cisco 1800 series 
Cisco 2800series 
Cisco 3800 series 
Cisco 7200s eries 
Cisco 7300 series 
Cisco 7600 series 
Cisco 6500 series 

Yes

Internal; can 
be NTP 
server

SPA-IPSEC-2G

68-2163-02, B0

SA-VAM2+

68-2288-05, C0

AIM-VPN/HPII-PLUS

800-24800-01, D0

AIM-VPN/EPII-PLUS

800-24799-01, D0

AIM-VPN/BPII-PLUS

800-24660-01, D0