Hi Ben,
Welcome to the network management forum. You would generally get more attention to a firewall question in the firewalling forum; but I'll have a try at it.
Your zone pair:
zone-pair security sdm-zp-in-dmz source in-zone destination dmz-zone
service-policy type inspect sdm-permit-dmzservice
applies. The service-policy called out there would have to permit icmp. It doesn't:
policy-map type inspect sdm-permit-dmzservice
class type inspect sdm-dmz-traffic
inspect
class type inspect SDM-Voice-permit
inspect
class type inspect sdm-nat--1
inspect
class class-default
pass
The easiest method would probably be to add a permit for icmp to the sdm-dmz-traffic class map. It is currently :
class-map type inspect match-all sdm-dmz-traffic
match access-group name dmz-traffic
match class-map sdm-dmz-protocols
which refers to:
class-map type inspect match-any sdm-dmz-protocols
match protocol smtp
So add:
match protocol icmp
to that final class-map above.