We are facing this issue regarding the network infrastructure of some customers we take care of.
In those infrastructures, only the network layer 3 is allowed to consult an NTP Master Server (as stratum 0 for example). Although this layer 3 device acts as an NTP client related to that server, for other devices in this infrastructure, the layer 3 becomes the master NTP (stratum > 0).
For some infrastructures a firewall ASA performs the layer 3 role, and it must be this way. Other devices depend on the firewall to synchronize the clock.
The question is: how can we configure the ASA as an NTP server, or is it not possible?
I don't think there is any firmware support for using an ASA as an NTP time source, sorry.
How deeply do you care about the stratum? I run most of my clients at stratum 4, with only my outside DNS/NTP servers at stratum 3, consulting some upstream but nearby (inside the AS) stratum 2 servers. This works fine; I'm not shooting for nanosecond precision. There ought to be some NTP servers you can tap into closer than stratum 0 or 1. Or you could buy a GPS-based gizmo to act as a local time source.
I think you can use static PAT on UDP/123 (NTP) on the NTP-client-site interface of an ASA. So clients will direct their NTP requests to the ASA and the ASA will forward them to the real NTP server somewhere. For NTP clients, the ASA is gonna be an NTP server in their config. Not common, but I think it'll work.
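
The static PAT suggested in the last reply could look like the sketch below; it is an added example, not configuration posted by anyone in the thread. It assumes ASA 8.3+ object-NAT syntax, interfaces named `inside` (clients) and `outside` (towards the real server), and uses constructed names and placeholder addresses throughout.

```cisco
! Added example (not from the thread). Assumed: ASA 8.3+ object NAT,
! nameif "inside" for the client side and "outside" towards the server.
! 192.0.2.10 is a placeholder for the real upstream NTP server.
object network UPSTREAM-NTP
 host 192.0.2.10
 ! Packets sent to the inside interface address on UDP/123 are
 ! untranslated to 192.0.2.10:123 and forwarded towards the outside.
 nat (outside,inside) static interface service udp 123 123
!
! Only needed if an access-list is already bound inbound on "inside".
! With 8.3+ the ACL matches the real server address, not the interface
! address. INSIDE-IN and 10.0.0.0/24 are constructed sample values;
! keep the permitted source range as narrow as the client population.
access-list INSIDE-IN extended permit udp 10.0.0.0 255.255.255.0 host 192.0.2.10 eq ntp
!
! Checks after a client has polled the inside interface address:
!   show nat detail     (hit counters on the UPSTREAM-NTP rule)
!   show xlate          (the static UDP/123 port translation)
```

Because the ASA only forwards the packets, clients see the stratum reported by the upstream server rather than a stratum one higher, and the ASA's own clock plays no part in the answers they receive.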