Through a Juniper or Netscreen firewall, authentication of IronKey Enterprise devices may not work, and you may receive Network error: (28) or (56) messages. This could be a proxy issue, but it might also be unique to the authentication process.
The Cisco Call Manager uses port 2000 to translate embedded IP addresses and port information. Port 2000 is used by the IronKey Enterprise Server for authentication of IronKey devices. The Juniper firewall NAT can treat this as a special port and tries to parse the packet when an application uses port 2000. You should be able to correct this by going to the ALG (Application Layer Gateway) and un-checking SCCP and SIP.
An alternate solution would be to enter the following command within the CISCO ASA Firewall: 'no inspect skinny'