Setting up a new DMZ on my ASA 5520 running 7.2(3). I want to allow by exception into the internal network, but allow everything out to the external network. I'm only using private addresses on the internal network. If I simply have a few permit statements in the ACL, followed by deny to 10./8, 172.16/12, 192.168./16, that should cover all of the internal networks that I'm using (subnetted 172.16. & 10. networks), right?
At first I was trying to do a deny statement for each internal network, but that's going to be a pain to implement and maintain.
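The rule ordering described in the question, modelled as a first-match ACL. This is an added example, not part of the original post and not ASA configuration. The subnets, the excepted host and port, and the trailing permit-any entry are assumptions constructed for illustration.

```python
import ipaddress

# The three private aggregates named in the post, written out in full.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample internal subnets (assumption, not from the post).
INTERNAL_SUBNETS = ["10.1.20.0/24", "10.200.0.0/16",
                    "172.16.40.0/22", "172.31.255.0/24"]

def build_acl(exceptions, final_permit=True):
    """Ordered entries: exceptions first, then the aggregate denies,
    then (optionally) a permit-any for traffic to external networks."""
    acl = [("permit", ipaddress.ip_network(dst), port)
           for dst, port in exceptions]
    acl += [("deny", net, None) for net in RFC1918]
    if final_permit:
        acl.append(("permit", ipaddress.ip_network("0.0.0.0/0"), None))
    return acl

def evaluate(acl, dst, port):
    """First matching entry wins; no match falls to the implicit deny."""
    addr = ipaddress.ip_address(dst)
    for action, net, acl_port in acl:
        if addr in net and acl_port in (None, port):
            return action
    return "deny"

def uncovered(subnets):
    """Internal subnets that none of the three aggregates contains."""
    return [s for s in subnets
            if not any(ipaddress.ip_network(s).subnet_of(agg)
                       for agg in RFC1918)]

if __name__ == "__main__":
    acl = build_acl([("10.1.20.5/32", 443)])  # constructed exception
    for dst, port in [("10.1.20.5", 443), ("10.1.20.5", 22),
                      ("172.16.41.9", 443), ("198.51.100.7", 80)]:
        print(dst, port, evaluate(acl, dst, port))
    print("not covered:", uncovered(INTERNAL_SUBNETS + ["172.32.0.0/24"]))
```

Because evaluation stops at the first match, the exceptions must sit above the aggregate denies, and without an explicit permit after the denies the implicit deny also drops traffic bound for external addresses.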