I need your help to understand something about stateful inspection.
Say we have a source X (initiator) that wants to access a destination Y that is in the "inside" network of the ASA. The source X is accessing Y across a tunnel.
We have a crypto ACL allowing this traffic (mandatory to establish the tunnel). On the "inside" interface we have an ACL applied, but it does not have a line allowing Y to reach X.
Since X is the initiator and the ASA is configured to allow X->Y, will the return traffic be allowed based on the session table, even though the inside ACL doesn't allow it?
If yes, should this logic be applied for normal traffic as well?