The PIX doesn't do stateful ICMP filtering. So even though it's not
blocking outbound traffic from the inside to the DMZ, I can't ping a
device in the DMZ unless I allow at a minimum echo-reply in the ACL
applied to the DMZ interface. Interesting. I guess that's not truly
response traffic but rather new traffic generated in the DMZ.

"Those of you who think you know everything are annoying to those of us who do."
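
The behaviour described in the post, as a small model added here (not part of the original post and not vendor code): an echo-reply arriving on the DMZ interface is judged by the DMZ ACL because no ICMP state was recorded for the outbound echo. The interface names, security levels, addresses and the `track_icmp` switch (a hypothetical stateful tracker, shown for contrast) are assumptions.

```python
from dataclasses import dataclass, field

# Assumed interface names and security levels (higher = more trusted).
SECURITY_LEVEL = {"inside": 100, "dmz": 50}

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    kind: str   # "echo" or "echo-reply"
    ident: int
    seq: int

@dataclass
class Firewall:
    track_icmp: bool = False                    # False models the behaviour in the post
    dmz_acl: set = field(default_factory=set)   # ICMP types permitted inbound on dmz
    pending: set = field(default_factory=set)   # outstanding echoes (only when tracking)

    def forward(self, pkt, in_if, out_if):
        """Return True if pkt is passed from in_if to out_if."""
        if SECURITY_LEVEL[in_if] > SECURITY_LEVEL[out_if]:
            # Higher to lower security level: allowed by default.
            if self.track_icmp and pkt.kind == "echo":
                self.pending.add((pkt.dst, pkt.src, pkt.ident, pkt.seq))
            return True
        # Lower to higher: a tracked reply matches state, all else needs the ACL.
        key = (pkt.src, pkt.dst, pkt.ident, pkt.seq)
        if self.track_icmp and pkt.kind == "echo-reply" and key in self.pending:
            self.pending.discard(key)
            return True
        return pkt.kind in self.dmz_acl

def ping(fw, src="10.0.0.5", dst="192.0.2.10", ident=1, seq=1):
    """Inside host pings a DMZ host (constructed addresses); True if the reply returns."""
    request = Icmp(src, dst, "echo", ident, seq)
    reply = Icmp(dst, src, "echo-reply", ident, seq)
    return fw.forward(request, "inside", "dmz") and fw.forward(reply, "dmz", "inside")

def unsolicited_reply_passes(fw):
    """A DMZ host sends an echo-reply that answers no request."""
    stray = Icmp("192.0.2.10", "10.0.0.5", "echo-reply", 99, 1)
    return fw.forward(stray, "dmz", "inside")
```

In this model the ACL permit that makes ping work also passes echo-replies that answer no request, which is the cost of filtering ICMP statelessly; scoping the permit to the DMZ hosts that need it limits that exposure.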