Correct me if I'm wrong, but it might be a bad idea to use 'ip verify reverse-path interface outside' on the pix because any packet arriving inbound on the outside interface would need it's source checked, thus adding delay while trying to connect to internal resources?

I think the command should be changed to 'ip verify reverse-path interface inside' to prevent internal spoofed addresses (the network isn't very large).