I have a strange issue with a client who has a cisco based network. They have a catalyst 2900 switch and a Pix 515 firewall. The issue is that if a windows machine tries to syn its time up with any internet time provider it fails and never syncs. I have read through the config for both the catalyst switch and the pix firewall and there are no ACL's blocking UTP access. NAT is enabled for all networks behind the pix and I can get internet on all machines behind the pix. There are no acl's whatsoever on the PIX and I read that by default it will allow internal clients outbound on all ports. The switch does have acl's but allow ip any any across vlans. It is very strange. The only thing I did find is that the catalyst is the NTP master. I kind of wondered if because it is the NTP master and a client machine is trying to sync with an external time source that the catalyst sees this and discards the packet.
Would anyone have any ideas?