This sounds like a routing problem. It sounds like the Cisco does not have a return route for the 10.170.30.0/24 network.
Another observation - If you are running firewall, then all of your IP interfaces need an access policy of some kind. How you want to build your security zones would affect how you build those policies. VLAN 2001 should have a security/access policy on it, even if it is a just an allow any. With firewall on and no policy on the interface, it may not pass return traffic back through to the 10.170.30.1 interface from the 10.127.0.1 host.