Unable to connect to TCP port 2000 on a Cisco Router with NAT

If you are unable to connect to TCP port 2000 on a Cisco router that has NAT configured it is likely because Cisco has allocated port 2000 to the Skinny protocol.

If you are unable to connect to TCP port 2000, there are 2 areas that you may need to make configuration changes to in order to resolve the issue.

The first area is within IP inspect:

ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http java-list 44 timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw skinny

We need to remove the inspect entry for the Skinny protocol. If you are still having problems it is likely the Skinny NAT ALG is causing the issue so when need to turn it off using the following command

no ip nat service skinny tcp port 2000

This will stop the device thinking that traffic on port 2000 is using the skinny protocol and traffic destined for port 2000 should now flow normally.

Now that you know how to resolve the problem if you are unable to connect to TCP port 2000, browse our support archive for more useful articles.