I have recently had some issues connecting to one of our remote Hitahci AMS Storage Array’s using Storage Navigator Modular which by default uses port 2000.

I was getting messages such as the below;

Failed to connect with the subsystem. Confirm the subsystem status and the LAN environment, and try again.

The physical connection was as below;

My PC => Cisco Core => Cisco ASA Firewall => Cisco 2801 Router => LEASED LINE => Cisco ASA Firewall => Cisco Core => HDS AMS

After lots of digging around I found using port 2000 on a Cisco network is not a good idea. Cisco uses port 2000 (Skinny or SCCP) for it’s VOIP products and Cisco routers and Firewalls tend to treat port 2000 as a special port and do some funny thing with the data.

So if you are having a similar issue you have two solutions

Set your device to use a different port to 2000, which is a good idea if you are using Cisco VOIP or stop your Cisco Router(s) and Firewall(s) from treating port 2000 as special.

On any Cisco routers between you and  your device enter the below command in configure terminal mode;

no ip nat service skinny tcp port 2000

On any Cisco ASA between you and you device disable skinny inspection. Again in configure terminal mode;

policy-map global_policy

class inspection_default

no inspect skinny