cisco asa access-list/access-group in/out question

in the asdm how to specify whether an access-list is going in or out.     I know in the cli i could probably type access-group in or out.  but in the asdm every access-list automatically goes in the in direction.      

Also, i have a dmz interface with security zone 50 and of course inside interface is of course security 100.    of course i can ping from inside to dmz since it's higher to lower security.   from dmz to inside i need an access-list since it's lower to higher zone.   i have an access-list allowing traffic from source dmz to destination inside and it's working fine.    The access-list if you look at the cli is applied in the in direction on the dmz interface.     I'm a little confused.  it seems it should be applied in the out direction since the traffic is leaving the dmz to go to the inside interface?
techlindenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

techlindenAuthor Commented:
nevermind.  i think im an idiot.  i found where you can specify the direction in the asdm.  kind of weird though that the traffic from the dmz to the inside is allowed via an access-list in the in direction to the dmz interface
naderzCommented:
You have to look at it from the interface's perspective. When the traffic leaves the dmz it goes into the interface; therefore "in". When the traffic goes to the dmz it goes "out" of the interface and into the dmz.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
techlindenAuthor Commented:
that's a very good explanation.       i'm going to copy it because i will forget since it seems a little illogical since if i was an interface i would consider traffic leaving the dmz as going out of the interface.  however if i reverse the direction of the access-list it blocks the traffic so i don't doubt that you are correct since it's working this way.     thanks so much
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.