You want to authenticate your NTP packets.
Use the ntp authentication command to authenticate NTP traffic between associations. To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:
configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router1(config)#
Then you must configure the same authentication-key on the client router:
configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router2(config)#
People often confuse authentication with encryption. Authentication proves the authenticity of a packet’s source, whereas encryption encodes or enciphers the packet contents. For the purposes of NTP, proving the authenticity of the packet is critical, whereas encrypting the contents of the packet is unnecessary, since it only contains time information, which isn’t terribly sensitive in itself.
Cisco fully supports NTP authentication defined in RFC 1305. NTP authentication ensures that NTP associations synchronize time only to known and trusted NTP servers. This prevents servers from masquerading as legitimate timeservers ...