we've tried NATing
(inside,outside) SQLServer to 'outside int ip'
(outside,inside) 'outside interface' to SQLServer
(inside,outside) SQLServer to Lastrock
(outside,inside) Lastrock to SQLServer
(inside,outside) 'outside interface' to SQLServer
The exact error we are getting on Lastrock's logs in "unable to authenticate communication to xxxx on TCP port 1433 (xxxx is our ASA's outside facing IP address), however as mentioned earlier the packet trace allows the connection to go all the way thru.