Hello everyone, please help me. I want to create 3 sections: INSIDE, OUTSIDE and DMZ. With OUTSIDE it is possible to ping, and access services in the DMZ. INSIDE also does the same thing and it has the addition of being able to ping OUTSIDE(8.8.8.8), only INSIDE can ping OUTSIDE, not the reverse (OUTSIDE cannot ping INSIDE), I used the following methods: rules like 

access-list DMZ-ACCESS extended permit icmp any any

access-list DMZ-ACCESS extended permit tcp any any eq www

access-list DMZ-ACCESS extended permit tcp any any eq 8080

access-list DMZ-ACCESS extended permit tcp any any eq domain

access-list DMZ-ACCESS extended permit udp any any eq domain

access-list DMZ-ACCESS extended permit udp any any eq bootps

access-list DMZ-ACCESS extended permit udp any any eq bootpc

access-list INTERNET-ACCESS extended permit icmp any any

access-list INTERNET-ACCESS extended permit tcp any any eq domain

access-list INTERNET-ACCESS extended permit udp any any eq domain

access-list INTERNET-ACCESS extended permit tcp any any eq www

access-list INTERNET-ACCESS extended permit tcp any any eq 8080

access-list INTERNET-ACCESS extended permit tcp any any

access-list IN-DMZ extended permit tcp any any

access-list IN-DMZ extended permit udp any any

access-group DMZ-ACCESS in interface DMZ

access-group IN-DMZ out interface INSIDE

access-group INTERNET-ACCESS in interface OUTSIDE 

I have applied the above rules but web access to DMZ is not possible. And what I don't want is for OUTSIDE to be able to access INSIDE. So please help me everyone