Typically, user/client network are configured with the highest security level (normally name: inside), and the server network would have lower security level than the inside network.
Example:
Inside network: security level 100
Server network: security level 50
Traffic from inside to server (if you don't have any ACL applied to inside interface) will be allowed by default.
Traffic from server to inside (because it is lower security level), will not be allowed by default, unless you configure ACL and apply it to the server interface to allow connection to be initiated from the server side.
Here is a sample configuration for your reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml
Hope that helps.