Hello

Three zones/interface are used on ASA

Internet - security level 0

Inside - security level 100 with ipsec configured for vpn clients

DMZ - security level 100

Traffic from Inside to Internet works fine without ACL.

Traffic from DMZ to Internet works when ACL is applied.

As per my knowledge traffic from higher security zone to lower zone is allowed by default.

Please suggest what could be the reason here.

Regards

Jawwad