The ASA has a feature called TCP normalization which helps to protect from possible attacks.
For example the ASA can allow, drop, or clear a packet or an option within the packet.
The default configuration includes the following actions and settings:
queue-limit 0 timeout 4
tcp-options range 6 7 clear
tcp-options range 9 255 clear >>>>>>> TCP option 76 is part of this range
tcp-options selective-ack allow
tcp-options timestamp allow
tcp-options window-scale allow
In this case Riverbed uses TCP option 76 which on the ASA configuration is set to be cleared by default out of the packet causing the connection to fail.
Here is a configuration example to allow tcp-option 76 through 78.
access-list riverbed_tcp extended permit tcp any any
match access-list riverbed_tcp
tcp-options range 76 78 allow
set connection advanced-options allow-probes
service-policy global_policy global
Here is the Cisco documentation that confirms TCP normalization behavior:
Here is another document that I found that is not Cisco but that gives out an example on how to do this over CSM:
On this document you can even see how it should show up on a wireshark display and understand a little more about TCP options: