Getting Data In

How to best configure Splunk syslog and Cisco Sourcefire Defense Center?

abhsha
Engager

Hi,

I am new to Splunk and I'm trying to configure the Syslog for Sourcefire Defense Center. I am using the latest version of Splunk Light (installed on Windows 7 64 bit) and the latest Defense Center. I have configured the Defense Center to send Syslogs on TCP 514. I have configured the data input as "syslog" and "TCP 514", but I am unable to see the Syslogs on Splunk search.

I ran a wireshark on the Windows 7 on which Splunk is installed, and I confirm that the Syslogs are being captured. I must be missing some configuration on the Splunk. Can you please advise?

Thank you

1 Solution

Richfez
SplunkTrust

There's a list of things to try here. A long, long list so I apologize for the length. Please be careful as you go through, perhaps printing it out and checking things off as you test them. You'll have to google some of the pieces, too, using your own environment's information. If you continue to have trouble after going through this, please list which all you tried and worked fine, and where it finally went wrong.

BTW, a few of these steps are skipped (see first paragraph below) and in the later ones some are repeats of things that have been tried. Please just try them again for the sake of completeness.

First, you have already confirmed the packets are making it to your server via tcpdump/wireshark. Great, that would be step one and knowing that removes the entire "Have you configured your SourceFire Defense Center properly" question.

Now, on the OS side.

Second, absolutely double-check your firewall is turned off. It really only needs the right exception (port 514 TCP and UDP), but simply turning it off will work fine. To confirm, please find a third machine (I'll assume running Windows since that's what your Splunk box is running - modify as appropriate if you can only get your hands on a *nix box of a sort) and from that third, extra machine open a command prompt (As Administrator if you have UAC still on) and in there type

telnet 20.20.20.50 514

If you get a "Could not open connection to the host ..." then you simply don't have anything listening on 514 or it is firewalled. This and any other error condition must be corrected before anything farther down the chain will work. As long as you get nothing but a blinky cursor that "goes away" as soon as you try typing something, then you are likely good here.

Third, now that we've confirmed you absolutely and unequivocally have something actually listening on 514 and that there's no firewall blocking communication, we need to confirm your inputs. On your Splunk box, open a command prompt and type

cd \program files\splunk\bin
splunk cmd btool inputs list --debug | clip

Then open notepad and click Edit/Paste. That should drop a whole lotta "stuff" into notepad. Page down through there until in the right column you see the input you have set up for Splunk UDP 514 (or search a few times for "514" and you'll find it at some point). Look at it. See if it makes sense. You can paste that portion into a comment here and we can take a look if it doesn't make enough sense to you. Here's a little help in using btool. Below I've pasted the bits I have in a temporary UDP input on 5514 on my *nix based Splunk server. Yours will be similar but will have different paths and stuff.

/opt/splunk/etc/apps/search/local/inputs.conf                          [udp://5514]
/opt/splunk/etc/system/default/inputs.conf                             _rcvbuf = 1572864
/opt/splunk/etc/apps/search/local/inputs.conf                          connection_host = ip
/opt/splunk/etc/system/local/inputs.conf                               host = splunk-test
/opt/splunk/etc/apps/search/local/inputs.conf                          index = main
/opt/splunk/etc/apps/search/local/inputs.conf                          sourcetype = cisco_syslog

You'll see in there that it specifies the index it's going to and the sourcetype. It also tells you where to find the file that set that particular setting. You can see for my test I just created the input in the context "search" (look on the left in the path). But some settings I didn't set there are being picked up from system default (default settings) or system local (think of them as my local environment overrides to the defaults themselves.)

Lastly, assuming you have successes all along to this point, you can use the information from above to craft a search of the index where this data is actually going. Make sure you are logged in as admin so that you should have access to all indexes, but a search like index=main in my case over all time should pull up events.

Again, if you follow the above until you get something that "doesn't look right", that will help a lot in narrowing down where things are going wrong.
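As an added example (not part of the original answer and not Splunk's own code), a small Python script that automates steps two and three above: it sends a test syslog event to the listener (a refused connect is the same failure the telnet check exposes) and summarises the effective settings of one stanza from the btool --debug output. The address 20.20.20.50 is the one used in the answer; the btool sample is constructed from the lines quoted there.

```python
import socket
from datetime import datetime

# Constructed sample of `splunk cmd btool inputs list --debug` output, modelled on the answer.
SAMPLE_BTOOL = """\
/opt/splunk/etc/apps/search/local/inputs.conf    [tcp://514]
/opt/splunk/etc/system/default/inputs.conf       _rcvbuf = 1572864
/opt/splunk/etc/apps/search/local/inputs.conf    connection_host = ip
/opt/splunk/etc/system/local/inputs.conf         host = splunk-test
/opt/splunk/etc/apps/search/local/inputs.conf    index = main
/opt/splunk/etc/apps/search/local/inputs.conf    sourcetype = cisco_syslog
/opt/splunk/etc/apps/search/local/inputs.conf    [udp://5514]
/opt/splunk/etc/apps/search/local/inputs.conf    index = security
"""

def effective_settings(btool_text, stanza):
    """Return {setting: (value, winning_file)} for one [stanza] of btool --debug output.
    The left column is the file whose value won the merge; the right column is either a
    [stanza] header or a `key = value` line belonging to the most recent header."""
    settings, in_stanza = {}, False
    for line in btool_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        path, body = parts
        if body.startswith("["):
            in_stanza = body.strip() == stanza
        elif in_stanza and "=" in body:
            key, value = (s.strip() for s in body.split("=", 1))
            settings[key] = (value, path)
    return settings

def syslog_message(hostname, app, text, pri=134, when=None):
    """Build an RFC 3164-style line (PRI 134 = local0.info) that a syslog input will parse."""
    ts = (when or datetime.now()).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {hostname} {app}: {text}\n"

def send_test_event(host, port, message, proto="tcp", timeout=3.0):
    """Send one event to the listener. A refused or timed-out TCP connect means nothing is
    listening on the port or a firewall drops it: the same failure the telnet step exposes."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        if proto == "tcp":
            s.connect((host, port))
            s.sendall(message.encode())
        else:
            s.sendto(message.encode(), (host, port))
    return True
```

To run it against the box in the answer, call `send_test_event("20.20.20.50", 514, syslog_message("dc-test", "SFIMS", "splunk-test-event"))` and then search the index reported by `effective_settings(..., "[tcp://514]")` for "splunk-test-event".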

