hello,

i have asa configured as a vpn firewall, where nat 0 is configured and crypto map applied on the outside interface.

can i allow to pass hrough the same firewall (inside interface, and outside interface where isakmp is enabled and crypto map is applied) a normal browsing traffic to surf the internet?

shall i add deny lines in the nat 0 accesslist or just not to add the source ip of the traffic that will use the vpn firewall for just surfing the internet ?

B R,