To the best of my knowledge, if the flow in the outbound direction (from higher to lower level) is permitted through a firewall, the corresponding inbound traffic is permitted too. However, as with all great things, it is not exactly that simple. Let's say a host sitting on the inside interface is accessing a resource on the outside interface. Let's say that the default ASA behaviour and the NAT configurations allow the outbound request to pass through; the corresponding response packets from the outside server will be allowed through to the inside interface... provided that the response comes before the translations time out. This also means that just because a host on the inside can access a server on the outside, the server does not necessarily have the capacity to initiate communication with the host on the inside.
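A minimal model of the behaviour described above, added here as an illustration; it is not part of the original post and is not ASA code. The class name, addresses, ports and the 30-second idle timeout are assumptions, and NAT is left out so that only the state tracking is shown.

```python
from dataclasses import dataclass, field

# Constructed values: inside=100 / outside=0 follows the higher-to-lower
# rule in the text; the idle timeout is an arbitrary figure for this demo.
LEVELS = {"inside": 100, "outside": 0}
IDLE_TIMEOUT = 30.0  # seconds (assumed)


@dataclass
class StatefulFirewall:
    # (src, sport, dst, dport) as first seen -> time of last matching packet
    table: dict = field(default_factory=dict)

    def handle(self, now, in_if, src, sport, dst, dport):
        """Return 'permit' or 'deny' for one packet arriving on in_if."""
        out_if = "outside" if in_if == "inside" else "inside"
        # Drop state entries that have been idle longer than the timeout.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= IDLE_TIMEOUT}
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        for key in (fwd, rev):
            if key in self.table:          # part of a tracked flow
                self.table[key] = now      # refresh the idle timer
                return "permit"
        # New flow: only higher -> lower security level may create state.
        if LEVELS[in_if] > LEVELS[out_if]:
            self.table[fwd] = now
            return "permit"
        return "deny"


def demo():
    """Replay four constructed packets and return the verdicts in order."""
    fw = StatefulFirewall()
    host, server = "10.0.0.5", "203.0.113.10"
    return [
        fw.handle(0, "inside", host, 40000, server, 443),     # outbound request
        fw.handle(1, "outside", server, 443, host, 40000),    # timely reply
        fw.handle(2, "outside", server, 443, host, 40001),    # server-initiated
        fw.handle(100, "outside", server, 443, host, 40000),  # reply after expiry
    ]


if __name__ == "__main__":
    print(demo())
```

The third and fourth packets are denied for different reasons: one never had a state entry, the other lost it to the idle timeout.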