Three zones/interfaces are used on the ASA:
Internet - security level 0
Inside - security level 100 with IPsec configured for VPN clients
DMZ - security level 100
Traffic from Inside to Internet works fine without ACL.
Traffic from DMZ to Internet works when ACL is applied.
As per my knowledge, traffic from a higher security zone to a lower zone is allowed by default.
Please suggest what could be the reason here.
It should be permitted by default...
It does not make any sense.
Can you share the configuration while it is not working, and the IP addresses of the source and destination you are using?