Hello

Would you please help me for basic question?

from PC2 I can not ping to pc1 or pc3. confirm 3 PC had correct IP and gateway.

if I put a router in pc 1 and pc3 then enable icmp debug, icmp can receive and had been reply.

So the question is why icmp can not come back. It should able to come back as this is stateful firewall. Am I right?

If I create an acl to allow pc1 and pc3 inbound, pc2 can ping to pc1 and pc3.

why PC1 can ping to g0/2? Wan interface allow ping by default?

Thank you.

ciscoasa# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)

alert-interval 300
ciscoasa# show run int
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif dmz
security-level 50
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif outside
security-level 0
ip address 198.51.100.100 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html