1805 Views, 0 Helpful, 10 Replies

NAT(ASA5525)

hamedha
Level 1

Hello everyone,

I have an ASA 5525.
I set up a site-to-site VPN and it works fine.

But now, in the same network, I want to add Internet access.

I created a NAT from private to private for security reasons, because I want to hide the internal IP address.

So now I want to create another NAT for Internet use, like this:

nat (inside,outside) dynamic outside

How can I do this without deleting the old NAT configuration, which is

nat (inside,outside) dynamic 172.16.99.181

10 Replies

Marvin Rhoads
Hall of Fame

The NAT for your site-site VPN should be a Section 1 NAT rule.

Something like this:

nat (inside,outside) source static <real source> <translated source> destination static <real destination> <real destination>

Then your Internet-bound traffic can use a dynamic NAT like you have mentioned.

Mr. Marvin,

Thank you for your reply.

I did as you told me, but unfortunately it still does not work.

The main problem is that each NAT works on its own, but they do not work together.

So when I configured two NATs, only this one works:

nat (inside,outside) source static <real source> <translated source> destination static <real destination> <real destination>

even though I added this:

nat (inside,outside) dynamic interface

If I delete the static NAT, the dynamic NAT for the Internet works fine.

In NAT rules, their order is important. Make sure the dynamic one for the interface comes after the static one for the VPN.
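To make the ordering point concrete, here is a small Python model of how the ASA walks its unified NAT table (Section 1 manual/twice NAT in configured order, then Section 2 object NAT, then Section 3 manual NAT after-auto; first match wins). This is an added example written for this thread, not code from the poster or from Cisco; the addresses (10.10.10.0/24, 10.20.20.192, 203.0.113.2) are constructed stand-ins, and the ordering of rules inside Section 2 is simplified to a single rule.

```python
# Added example (not from the thread): a small Python model of how the ASA
# orders its NAT table, to show why the VPN identity rule must sit in
# Section 1 ahead of the dynamic PAT used for Internet access.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NatRule:
    name: str
    section: int                  # 1 = manual (twice) NAT, 2 = auto/object NAT, 3 = manual NAT after-auto
    src_real: str                 # real source network the packet must match
    dst_real: str = "0.0.0.0/0"   # real destination network (any by default)
    translated_src: Optional[str] = None  # None = identity (source kept, i.e. "no NAT")


def build_table(rules):
    """ASA unified NAT table: Section 1 first, then 2, then 3; configured order within a section.
    sorted() is stable, so rules in the same section keep the order they were entered.
    (Real Section 2 ordering is finer: static before dynamic, longer prefixes first; one rule here.)"""
    return sorted(rules, key=lambda r: r.section)


def translate(table, src, dst):
    """First matching rule wins and the packet is translated exactly once.
    Returns (translated source, name of the rule that matched)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in table:
        if s in ipaddress.ip_network(rule.src_real) and d in ipaddress.ip_network(rule.dst_real):
            return (src if rule.translated_src is None else rule.translated_src), rule.name
    return src, "no-match"


# Constructed addresses (not the poster's): inside LAN, VPN-protected host and peer, outside interface.
INSIDE_LAN = "10.10.10.0/24"
VPN_LOCAL_HOST = "10.10.10.181/32"
VPN_REMOTE_HOST = "10.20.20.192/32"
OUTSIDE_IFACE = "203.0.113.2"   # documentation address standing in for the ASA outside IP

# Layout recommended in the thread: identity twice NAT (Section 1) plus object NAT dynamic PAT (Section 2).
RECOMMENDED = build_table([
    # nat (inside,outside) source static LOCAL LOCAL destination static REMOTE REMOTE
    NatRule("L2L-NoNat", 1, VPN_LOCAL_HOST, VPN_REMOTE_HOST, None),
    # object network INSIDE-LAN / nat (inside,outside) dynamic interface
    NatRule("Internet-PAT", 2, INSIDE_LAN, "0.0.0.0/0", OUTSIDE_IFACE),
])

# Wrong layout: the dynamic PAT written as a manual (Section 1) rule *before* the identity rule,
# so it catches VPN-bound packets first and the tunnel's interesting traffic is PATed away.
MISORDERED = build_table([
    NatRule("Internet-PAT", 1, INSIDE_LAN, "0.0.0.0/0", OUTSIDE_IFACE),
    NatRule("L2L-NoNat", 1, VPN_LOCAL_HOST, VPN_REMOTE_HOST, None),
])


def vpn_traffic_keeps_real_ip(table):
    """True when a packet from the VPN host to the VPN peer leaves with its real source address."""
    translated, _ = translate(table, "10.10.10.181", "10.20.20.192")
    return translated == "10.10.10.181"


def internet_traffic_is_patted(table):
    """True when a packet from the same host to an Internet address is PATed to the outside interface."""
    translated, _ = translate(table, "10.10.10.181", "198.51.100.10")
    return translated == OUTSIDE_IFACE


if __name__ == "__main__":
    for label, table in (("recommended", RECOMMENDED), ("misordered", MISORDERED)):
        for dst in ("10.20.20.192", "198.51.100.10"):
            print(label, "10.10.10.181 ->", dst, "=>", translate(table, "10.10.10.181", dst))
```

With the recommended layout both checks pass: the VPN packet hits the Section 1 identity rule and keeps 10.10.10.181, while the Internet packet falls through to the Section 2 PAT. In the misordered table the broad PAT rule matches the VPN packet first, which is the symptom of "each NAT works alone but not together".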

Unfortunately, I did use that order: first the static and second the dynamic.

Still the same problem: each one works alone, but they do not work together.

Check the CLI:

crypto isakmp nat-traversal natkeepalive

The ASA supports multiple IPsec peers behind a single NAT/PAT device operating in LAN-to-LAN or remote access networks, but not both.
NAT traversal (NAT-T) is a feature that allows IPsec traffic to "traverse" through NAT or PAT points without the incompatibilities that would normally arise.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config.pdf

Attached is my configuration, if anyone can help me.

! from the attached cfg: one L2L VPN IKEv1 connection
! check the following:
! too many phase 1 policies; I have configured only "crypto ikev1 policy 10"
! "route inside 172.16.80.0 255.255.255.0 172.16.80.1 1"
! Is 172.16.80.0 directly connected?
! inside host 172.16.88.181: directly connected, or route inside?
!
!
!!!!! configuration
!!!!!running ASA Version 9.4(4)25
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 134.0.x.x 255.255.255.252
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.1x.8x.x 255.255.255.0

object network OBJ-172
subnet 172.16.80.0 255.255.255.0

object network NETWORK_OBJ
host 172.16.88.181

object-group network L2L_VpnLocalNet
network-object host 172.16.88.181

object-group network L2L_VpnRemoteNet
network-object host 172.16.44.192

access-list vpn-tunnel extended permit ip host 172.16.88.181 host 172.16.44.192

object network OBJ-172
nat (inside,outside) dynamic interface

nat (inside,outside) source static L2L_VpnLocalNet L2L_VpnLocalNet destination static L2L_VpnRemoteNet L2L_VpnRemoteNet no-proxy-arp description NoNat

route outside 0.0.0.0 0.0.0.0 134.0.x.x 1

!phase2
crypto ipsec ikev1 transform-set AFS esp-3des esp-sha-hmac

crypto ipsec security-association pmtu-aging infinite
crypto map AFS-TUNNEL 555 match address vpn-tunnel
crypto map AFS-TUNNEL 555 set pfs
crypto map AFS-TUNNEL 555 set peer 85.x.x.x
crypto map AFS-TUNNEL 555 set ikev1 transform-set AFS
crypto map AFS-TUNNEL 555 set security-association lifetime seconds 28800
crypto map AFS-TUNNEL 555 set reverse-route
crypto map AFS-TUNNEL interface outside

crypto isakmp identity address
crypto isakmp nat-traversal 20
crypto ikev1 enable outside
!Phase1
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400


tunnel-group 85.x.x.x type ipsec-l2l
tunnel-group 85.x.x.x ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 15 retry 3

I changed the IP addresses from the real ones for security reasons.

Don't worry about the route and the VPN; they work fine.

Even after I made the change you mentioned, it is the same: the Internet does not work. It only works if I keep the dynamic NAT at the top, and then the VPN will not work.

The outside equipment (router/firewall) should statically map a public IP address to the ASA outside interface (ip address 134.0.x.x 255.255.255.252).

Can anyone help?