The Internet is becoming a vital communication tool for individuals, businesses, and governments. Thus, the Internet access reliability is crucial especially against malicious behaviors. When a malicious higher-tier Internet service provider filters transit traffic for the purpose of dropping a specific network's packets, then an Internet access denial occurs. This paper presents a solution for the denial of the Internet access problem that combines a network address translation based solution with a tunnel-based solution. The network address translation based solution is efficient in terms of network performance but suffers from a server reachability problem; a problem that is solved by using a tunnel-based solution. Moreover, the paper evaluates the combined solution performance with respect to the end-to-end delay and the throughput metrics. The combined solution has insignificant effect on these two metrics when traffic originates from the denied network and is forwarded outside the denied network. In contrast, and dependent on the tunneling protocol used, the combined solution increases the end-to-end delay of the network by at least 6% and decreases the throughput of the traffic by at least 1.65% when the traffic is originated outside the denied network and is intended for servers inside the denied network. Copyright © 2013 John Wiley & Sons, Ltd.