Craig,

Have you enabled ICMP error inspection as well? In order for the ASA to process ICMP error messages, you'll need to enable error inspection with the following command in your policy:

inspect icmp error

See: http://www.cisco.com/en/US/docs/security...