Internal hosts behind the ASA cannot access the internet with an L2L tunnel configured.

The L2L tunnel is up and passing traffic properly. However, the internal hosts cannot access the internet through the ASA. I think I've got my NAT hosed up somewhere. I can't even get a statically mapped host to the internet. It might be because I am used to having a WAN IP for the outside interface that is different from the CIDR block assigned by the ISP. In this case, it is all together, with the ASA's outside interface occupying the first available address.
We were assigned CIDR range x.x.x.64/28. x.x.x.65 is my gateway and my first usable is .68, per the ISP (I guess they use .66 and .67 for internal use). The ASA's outside interface is .68 and I'm trying to have it NAT the others. I'm PATing all internal DHCP clients, and have some static entries as well. The relevant NAT config is below. Again, all traffic is passing over the tunnel correctly, just not from inside to outside. If more info is needed, please advise.
ip address x.x.x.68 255.255.255.240
global (outside) 2 x.x.x.69-x.x.x.77
global (outside) 1 x.x.x.78
nat (inside) 0 access-list nonat
nat (inside) 1 10.10.10.0 255.255.255.0
static (inside,outside) x.x.x.69 STATIC_NAT_EXAMPLE netmask 255.255.255.255
access-group internal in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.65 1
access-list internal permit ip 10.10.10.0 255.255.255.0 any
!Remote LAN is 192.168.10.0/24
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0