Face some problems.
Internet---X1---------X2-----Megapot-------Y1
X1,X2 and Y1 are IOS router. Megapot is a DSL service without the Internet access. So, I do a IPSEC tunnel from Y1 to X2 with the access list permit any any(have some deny statement before this). I was able to reach the server behind X2 using private address but I cannot go to the internet for Y1. So, I wandering is that anything that I miss out in X1,X2 or Y1. Or is this solution not workable? THanks