A resposta final é aqui .
Obrigado, na verdade, a David Mills e Danny Mayer por responderem à pergunta.
Para resumir:
Symmetric key cryptography works fine behind a NAT box. See the Authentication Support page in the official NTP documentation on ntp.org. As I said, the intended Autokey model is for the server and client to live on the Internet side of the NAT box and have it serve time to the internal network via a separate interface.
Além disso,
Here's Dr. Mills' PowerPoint slides describing the NTP Security Model:
http://www.ece.udel.edu/~mills/database/brief/autokey/autokey.ppt