"If the above is a correct assumption, how come HTTP traffic is allowed to return through the ASA if I remove the "inspect http" command from the global inspection policy map?"
Because the ASA is a stateful firewall. Forget about the inspect stuff for a minute. A stateful firewall will keep track of TCP flags to allow return traffic back in if the connection was initiated from inside. This statement applies to ALL TCP traffic.
The "inspect(s)" are additional bits of code above and beyond the firewall being stateful or not. The inspect code allows the ASA to do other things in addition to keeping track of the TCP flags. So the inspect code for HTTP allows the ASA to look deeper into the packets and have a "limited" understanding of how the HTTP protocol works.
If you turn off HTTP inspection then the firewall will simply revert to being stateful for HTTP and will still allow return traffic.
Compare this with ICMP. Turn off ICMP inspection and see if return traffic is allowed. It isn't unless you explicitly permit it with an ACL. That's because ICMP is not by its nature stateful, unlike TCP.
Just to give you a fuller picture. A stateful firewall without any additional inspect code keeps state for TCP and UDP connections.
For both TCP and UDP the src/dst IP address and src/dst port are used. In addition, with TCP the TCP flags (SYN/ACK/FIN/RST etc.) are recorded because these allow the firewall to keep track of the connection.
UDP is stateless however, so the firewall merely uses a timer, i.e. it sees the original packet going out and it starts a timer. If it sees a response coming back in (based on the src/dst IP and port number) before the timer expires then it considers that packet part of the same connection and allows it back through. So UDP is also tracked, although it is a "pseudo" type of state.
All other protocols such as ICMP/GRE/IPSEC etc. are not stateful and a stateful firewall does not keep track of them unless there is additional code, i.e. the inspect code, to allow it to do so.
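As an added illustration (not part of the original thread and not ASA code), here is a small Python model of the three behaviours the answer describes: TCP return traffic is admitted because the firewall followed the SYN/SYN-ACK flags, UDP return traffic is admitted only while an idle timer is running, and ICMP replies are dropped unless either "inspection" is switched on for that protocol or an inbound ACL permits them. The class and method names, the timeout values, and the one-set-of-protocols ACL model are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed example of a stateful packet filter. Timeouts, field names and the
# ACL model are assumptions made for illustration, not ASA internals.

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    sport: int                       # for icmp: the echo identifier
    dst: str
    dport: int                       # for icmp: 0
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    direction: str = "out"           # "out" = inside -> outside, "in" = outside -> inside

@dataclass
class Conn:
    state: str      # "SYN_SENT"/"ESTABLISHED" for TCP, "PSEUDO" for UDP/ICMP
    expires: float  # absolute time after which pseudo-state is forgotten

class StatefulFirewall:
    UDP_TIMEOUT = 120.0   # assumption: seconds of silence before UDP state is dropped
    ICMP_TIMEOUT = 2.0    # assumption: how long an inspected echo waits for its reply

    def __init__(self, inspect_icmp: bool = False):
        self.inspect_icmp = inspect_icmp        # the "inspect icmp" switch
        self.table: Dict[Tuple, Conn] = {}      # connection table
        self.acl_in: Set[str] = set()           # protocols explicitly permitted inbound

    def permit_inbound(self, proto: str) -> None:
        self.acl_in.add(proto)

    @staticmethod
    def key(p: Packet) -> Tuple:
        # Normalise the 5-tuple so a reply maps onto the same entry as its request.
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet, now: float) -> Tuple[bool, str]:
        k = self.key(p)
        conn = self.table.get(k)
        # Expire idle UDP/ICMP pseudo-state before consulting it.
        if conn and conn.state == "PSEUDO" and now > conn.expires:
            del self.table[k]
            conn = None
        if p.direction == "out":
            return self._outbound(p, k, conn, now)
        return self._inbound(p, k, conn, now)

    def _outbound(self, p: Packet, k: Tuple, conn, now: float) -> Tuple[bool, str]:
        if p.proto == "tcp":
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.table[k] = Conn("SYN_SENT", float("inf"))   # handshake begins
            elif conn and p.flags & {"FIN", "RST"}:
                del self.table[k]                                # connection torn down
            elif conn is None:
                return False, "tcp out-of-state"                 # no handshake seen
            return True, "tcp tracked"
        if p.proto == "udp":
            self.table[k] = Conn("PSEUDO", now + self.UDP_TIMEOUT)  # start the timer
            return True, "udp timer started"
        if p.proto == "icmp" and self.inspect_icmp:
            self.table[k] = Conn("PSEUDO", now + self.ICMP_TIMEOUT)
            return True, "icmp inspected"
        return True, f"{p.proto} allowed out, no state kept"

    def _inbound(self, p: Packet, k: Tuple, conn, now: float) -> Tuple[bool, str]:
        if conn is not None:
            if p.proto == "tcp":
                if conn.state == "SYN_SENT" and p.flags >= {"SYN", "ACK"}:
                    conn.state = "ESTABLISHED"
                elif p.flags & {"FIN", "RST"}:
                    del self.table[k]
                elif conn.state != "ESTABLISHED":
                    return False, "tcp unexpected flags"
                return True, "tcp return traffic"
            if p.proto == "udp":
                conn.expires = now + self.UDP_TIMEOUT   # a reply refreshes the timer
                return True, "udp return traffic"
            if p.proto == "icmp":
                del self.table[k]                       # one echo, one reply
                return True, "icmp reply matched"
        if p.proto in self.acl_in:
            return True, "permitted by acl"
        return False, "no matching connection"

def demo() -> List[Tuple[bool, str]]:
    """Echo request out, reply back: without inspection the reply is dropped."""
    echo = Packet("icmp", "10.0.0.5", 7, "203.0.113.10", 0, direction="out")
    reply = Packet("icmp", "203.0.113.10", 0, "10.0.0.5", 7, direction="in")
    plain, inspected = StatefulFirewall(), StatefulFirewall(inspect_icmp=True)
    return [plain.process(echo, 0.0), plain.process(reply, 0.5),
            inspected.process(echo, 0.0), inspected.process(reply, 0.5)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model deliberately stops where the answer stops: it follows flags and timers, not sequence numbers, and has no idea what is inside an HTTP payload. Turning HTTP inspection off in this model changes nothing about TCP return traffic, which is exactly the point the answer makes.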