Okay, the config seems to be ok, can you please post your pix config here or if you like e-mail me with it (but pls. remember to exclude your real IP's and passwords), also check the following link to see if can identify the erro ID (sorry just have no time to look it up for you).
Also, a quick thought - on the ACL instead of the outside pix addrs try inside addrs i.e.
> access-list permit tcp host
*Make sure when you change the ACL you include the ACL group cmd, i.e. > access-group inside in interface inside, before you past back into the pix and also use the 'no access-list inside' as the first line on the modified ACL.
Explanation An IP packet was denied by the access-list.
Action Change permission of access-list if a permit policy is desired. If messages persist from the same source address, messages could indicate a foot printing or port scanning attempt. Contact the remote host administrator.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...