I looked around but didn't see this before. I'm running two 515's in failover on 6.3(3).
Over the weekend, the Turbo ACL (only 32 elements) applied to my outside interface stopped working. This happened at 4am, so it wasn't due to any changes in configuration. As a result, all inbound connections to static hosts were refused and logged as denied.
I was able to correct it by removing the ACL and re-applying it to the PIX. The 515 had been running 6.3(3) for a week prior to this happening.
My search for a bug dealing with Turbo ACL's and PIX os 6.3(3) did not return anything. The turbo ACL feature only serves to reduce the size of the ACL. I dont think the ACL's not getting compiled would result in the behaviour you saw. Guess you might be running into some other bug.
To get a copy of the maintenance release, you need to request it from the TAC. If you don't have a support contract with Cisco anymore, you should still be able to get a copy of the release based on this security advisory:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...