Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.
Anybody have any ideas?