Each interface on a Cisco ASA has a security level. By default the ASA ACL allows traffic from higher to lower security level, but not the other way around.
Question: Which security level does a site-to-site remote VPN network have? Is it the same security level as the interface that the connection profile is associated with?
Best Answer
See this: What is the ASA packet process order when there is both a VPN and route in place?
Documented information:
Conclusion based on the answer linked above:
See below, all emphasis is mine:
...
Source
Source