Looks like ASA >= 9.2.4 ships with `icmp unreachable rate-limit 1 burst-size 1`, which I believe is the workaround Cisco suggests:

We recommend that you grant permission for the ICMP unreachable message type (type 3). Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPsec and PPTP traffic. See RFC 1195 and RFC 1435 for details about Path MTU Discovery




