I came across a somewhat unusual issue earlier this week whilst trying to set up a NAT entry to forward HTTP traffic over port 2000. The firewalls being used were a pair of Cisco ASA 5505s. The relevant configuration was pretty straightforward:
object-group service AllowedPorts
 service-object tcp eq 2000
access-list outside-in extended permit object-group AllowedPorts any host 184.108.40.206
When trying to pass HTTP traffic to 220.127.116.11 over port 2000, the TCP connection would establish and eventually a TCP RST would be received. But no data would actually be transferred. Running the service on a port other than 2000 worked fine.