I have the asa-ssm-20 in my asa. i have it running with policy maps for inline. I can do deny packet and deny connection etc for icmp/reply it works fine for my testing. but i can't get it to stop the connections. I know the manual says "Connection blocks are not supported on security appliances. Security appliances only support host blocks with additional connection information." Then why is it give you the option with inline. Also the deny attacker inline doesn't work with it either.