I issue a clear configure all, setup the interfaces and with this minimal configuration, a PC conected to the DMZ interface, can contact the router on the outside.
The ASA routes ip and (this is a lab) cause the router has the ASA as defaut gateway, the packets return to DMZ host.
But there is no Nat Exemption in the configuration!! How can it work?
ASA5520-K8, Version 8.0(2)
you need to read the documentation more
carefully. Starting with Pix 7.x and higher,
"no nat-control" is the default on pix
and ASA. Basically, the pix IS a router.
However, the basic principle still applies.
In other words, you still need ACL for low
to get to high.