Lab 1.6 IP ACLs on ASA: Basic issue
I'm confusing with a basic issue related to IP ACLs configuration on ASA.
As detailed by INE's solution for this lab, we can see that this lab applies an ACL on the direction from HIGH SECURITY-LEVEL to LOW SECURITY-LEVEL. So basically speaking, we will intervene the automated inspection engine of ASA for above direction, all non-matching traffic (against ACL, going from high security-level to low security-level) will NOT be inspected to dynamically open holes for returning traffic. Yes, I agree.
But the question is: Will all non-matching traffic (against ACL, going from high security-level to low security-level) be permitted to go through ASA?
I ask this question because INE's solution did not explicitly permit HTTP/FTP traffic going from AAA Server in DMZ to OUTSIDE in outbound ACL but the outside hosts are still able to access these services.
Hope someone could help me.