I see allot of these icmp deny messages, basically someone out there is sending icmp traffic on to your inside ip address - to state the obvious - but you firewall is doing exactly what it was configured to do i.e. STOP icmp sweeps etc. Is all of the icmp source address the same? If so then you can look up one of these addresses by going to www.whois.org and use the whois resources section to ascertain the owner/ISP of the ip address.
I doubt that all the source addresses are the same; unfortunately in this case you'll find it hard to track down the originator!! But as I mentioned before your PIX is doing its job correctly and denying all icmp traffic.
I wouldn't worry too much about these icmp traffic. One thing you can also do is to go to www.grc.com and use shields up service to check if there are any 'holes' on your firewall, this service I've used many times and it's secure and free.
Hope this helps and let me know if you need any further assistance.
This is how the PIX is seeing this packet. Somehow this host at 10.41.52.99 tried to icmp to 10.38.127.6 address. since it is not falling in the same subnet range as of source host, the packet will come to pix and get discarded there.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...