Cisco ASA NAT problems with TCP Port 2000

I came across a somewhat unusual issue earlier this week whilst trying to setup a NAT entry to forward HTTP traffic over port 2000. The firewalls being used were a pair of Cisco ASA 5505s. The relevant configuration was pretty straightforward:

object-group service AllowedPorts
 service-object tcp eq 2000 
access-list outside-in extended permit object-group AllowedPorts any host 1.1.1.1

When trying to pass HTTP traffic to 1.1.1.1 over port 2000, the TCP connection would establish and eventually a TCP RST would be received. But no data would actually be transferred. Running the service on a port other than 2000 worked fine.
Continue reading Cisco ASA NAT problems with TCP Port 2000