The outside interface of the ASA is connected to Internet router which is using public IP, and inside interface is private. My local host now can access Internet normally.
The question is how to configure ASA for the DMZ(vpnbranch interface) to allow inbound vpn traffic as this interface will connect to our branch offices by vpn connection and how to allow branch's host to access Internet via the ASA 5520 and my local server farm.
Note: Branch office is using Pix506E and the connection between the branch to headoffice doesn't have Internet access, meaning just only bridge connection.
Access Control lists typically consist of multiple access control entries (ACE) organized internally by the Security Appliance in a linked list. ACEs describe a set of traffic such as that from a host or network and list an action to apply to that traffic, generally permit or deny. When a packet is subjected to access list control, the Cisco Security Appliance searches this linked list of ACEs in order to find one that matches the packet. The first ACE that matches the security appliance is the one that is applied to the packet. Once the match is found, the action in that ACE (permit or deny) is applied to the packet.
Only one access list is permitted per interface, per direction. This means that you can only have one access list that applies to traffic inbound on an interface and one access list that applies to traffic outbound on an interface. Access lists that are not applied to interfaces, such as NAT ACLs, are unlimited.