From what is explained, i cant explain why it ping without the route. Your servers should have a route for the range allocated to the vpn client pool, classically the default route. If your default GW is not the ASA, then the router should have a rou...
Big difference between pix 6.x and 7.X is the tcp statefull engine that got quite of a lift up. It is much more aggressive in dropping suspicious TCP segments or sanitizing the various headers. It would be ideal to find a reproducable scenario: downl...
The exact same restrictions applies: detection is ok because you will not force skype to adapt and go via tunneled HTTPs connection. If you start blocking it, it will adapt and change port / network behavior.