There is no way to pass this packet through the PIX I'm afraid. If it did indeed work in 6.3 then it may not actually be this packet that is causing the problem, since as I mentioned 6.3 would have also dropped this packet. v7.0 does have some much stricter and more defined TCP features where packets will be dropped if they don't conform to certain standards, see the "TCp Normalization" documentation here:
Are you sure there's no other syslog's being generated just after or before this that might give us further clues as to what's being denied? Failing that you will probably need to get Sniffer traces from both sides of the PIX and open a TAC case to get it properly looked at.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...