Tariq Bader, Cisco Employee

Problem Description

AnyConnect (AC) clients cannot obtain an address via DHCP, so the connection fails.
The same configuration works when addresses are assigned from a local pool.

Validating address: 0.0.0.0
CSTP state = WAIT_FOR_ADDRESS
webvpn_cstp_accept_address: 0.0.0.0/0.0.0.0
webvpn_cstp_accept_address: no address?!?
CSTP state = HAVE_ADDRESS
No assigned address
webvpn_cstp_send_error: 503 Service Unavailable
CSTP state = ERROR

Resolution Summary

Add the route-lookup keyword at the end of the manual NAT statement that covers the VPN traffic.


Explanation:
This is expected behavior. A change to NAT behavior was made in the 8.4.4.7 release to correct a manual NAT ordering problem. In effect, this change caused every manual NAT entry to create an entry in the ASA NAT divert table. However, the change also had an unintended side effect: because the divert table is consulted first, traffic can be sent out the wrong egress interface even when that egress conflicts with the ASA's routing table.

In simpler terms: without route-lookup, the DHCP offer packet is matched against the manual NAT statement for the VPN traffic and diverted to the egress interface named in that statement. The ASA therefore treats it as a through-the-box packet instead of terminating it locally, even though the ASA installs the DHCP network scope as an identity route (a route pointing to the ASA itself).

With route-lookup added, the ASA checks the routing table and sees that the route for the DHCP network scope conflicts with the egress interface chosen by the NAT rule, so it follows the route instead and the DHCP offer is delivered to the ASA as intended.
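The following before/after configuration is a worked example added to this article; it is not the configuration from the original case. All object names, interface names, addresses, the DHCP server, and the tunnel-group and group-policy names are assumed for illustration. It shows the AnyConnect DHCP address-assignment pieces together with the manual NAT exemption that triggers the symptom, and the same rule re-added with route-lookup.

```text
! Added example, not from the original article. Names and addresses are assumed.

! LAN behind the inside interface, and the network that the DHCP server at
! 10.1.1.5 hands out to VPN users (this is the dhcp-network-scope below).
object network INSIDE-LAN
 subnet 10.1.1.0 255.255.255.0
object network VPN-DHCP-SCOPE
 subnet 192.168.50.0 255.255.255.0

! Assign client addresses from DHCP instead of a local pool.
vpn-addr-assign dhcp

group-policy GP-ANYCONNECT internal
group-policy GP-ANYCONNECT attributes
 dhcp-network-scope 192.168.50.0

tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 dhcp-server 10.1.1.5
 default-group-policy GP-ANYCONNECT

! BEFORE (produces the WAIT_FOR_ADDRESS / 503 Service Unavailable failure in
! the debug output above): the identity NAT that exempts LAN <-> VPN traffic
! also matches the DHCP offer for the scope, so the divert table sends the
! offer out the outside interface instead of delivering it to the ASA.
! Remove the rule...
no nat (inside,outside) source static INSIDE-LAN INSIDE-LAN destination static VPN-DHCP-SCOPE VPN-DHCP-SCOPE no-proxy-arp

! AFTER: ...and re-add it with route-lookup, so the ASA consults its routing
! table for the egress interface and the offer for its own DHCP scope is
! terminated locally.
nat (inside,outside) source static INSIDE-LAN INSIDE-LAN destination static VPN-DHCP-SCOPE VPN-DHCP-SCOPE no-proxy-arp route-lookup
```

After applying the change, confirm with `show running-config nat` that the rule now ends in route-lookup, then reconnect an AnyConnect client and check that the CSTP debug reaches HAVE_ADDRESS with a non-zero address instead of the 503 error shown above. Any other manual NAT rule whose destination object overlaps the DHCP scope needs the same keyword.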
