We have a client using an IWATSU phone system with IP cards in it. The client's config is like this:
Cisco 2811 (VPN Tunnel)
Cisco ASA 5540 (VPN Tunnel), (NO IDS inspection on VPN Tunnel)
Primary Phone Switch
Our communication path from one phone switch to the other is clean. Clients in the same VLAN as the remote phone switch can ping the Primary phone switch, and vice versa from the Primary to the remote. We were having trouble getting the phone switches to see each other and sync up. The vendor provided destination port 7000 as the only port that needed to be open. When this failed to work we opened IP any between the phone switches and still had no success. What we did see were a large number of retransmits in our packet captures, along with resets which appeared to be coming from the Primary (in reality it was our ASA). To troubleshoot this problem we started looking for enabled inspect policies (protocol fixups). By process of elimination we turned off SunRPC and bang, the two phone switches synced and started passing traffic.
The postmortem appears to show that one switch always uses source port 7000 and destination port 1024, and the other switch always uses source port 1024 and destination port 7000.
So now to my question. Why would my SunRPC inspect policy break this type of traffic? Also, I find it a bit odd that the vendor is hard-setting the source port as the exact opposite of the destination port. Any ideas and/or thoughts would be greatly appreciated.
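For anyone who needs to reproduce the fix the post describes on an ASA, here is the CLI as an added example (not from the original poster or the phone vendor). The policy-map and class-map names are the ASA defaults; the phone switch IP address is a placeholder, and the running-config excerpt is abridged.

```cisco
! 1. See which protocol inspections the default global policy applies.
show running-config policy-map global_policy

! Abridged default as shipped: SunRPC inspection is part of the
! inspection_default class, which is applied to every interface via
! "service-policy global_policy global".
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect rsh
  inspect sunrpc
  inspect skinny
  inspect sip
  inspect netbios
  inspect tftp

! 2. The change described in the post: remove SunRPC inspection
!    from the global policy (affects all interfaces).
configure terminal
 policy-map global_policy
  class inspection_default
   no inspect sunrpc
  exit
 exit
end
write memory

! 3. Verify: the per-inspection counters should no longer exist,
!    and the phone-switch connections should stay up without resets.
show service-policy inspect sunrpc
show conn address 192.0.2.10 port 7000     ! 192.0.2.10 = placeholder phone switch IP
show asp drop                               ! drop reasons should stop climbing
```

Before changing the global policy, note which other traffic on the firewall relies on SunRPC inspection (the pinhole-opening behaviour for portmapper-negotiated ports), since removing it from global_policy removes it everywhere.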