I've got an ASA running 8.4

I'm trying to get a simple ACL to work, but I'm failing miserably. The core guts of my config are:

interface GigabitEthernet0/0

nameif LAN_1

security-level 100

ip address 172.18.0.1 255.255.255.0

interface GigabitEthernet0/2

nameif LAN_2

security-level 100

ip address 172.18.1.1 255.255.255.0

object network LAN_1_host

host 172.18.0.2

object network LAN_2_host

host 172.18.1.2

access-list LAN_1_access_in extended permit icmp any object LAN_2_host

access-group LAN_1_access_in in interface LAN_1

There are no other access-list or access-group commands. There are no NAT commands.

I cannot ping LAN_2_host from LAN_1_host.

I can ping both hosts from the ASA itself.

If I replace the ASA with a router, I can ping fine.

If I use the ASDM packet tracer, it tells me that the packet is being blocked by a default access list.

What am I missing to make this work ? I this case, I don't want to NAT, I just want to have a basic ACL.

Thanks,

GTG