I'm trying to configure a VPN tunnel group that doesn't use split tunneling. I get connected via AnyConnect but then can't connect to the Internet. What am I missing?

ASA# sh vpn-sessiondb anyconnect

Session Type: AnyConnect

Username : mmurray Index : 140
Assigned IP : 10.120.20.35 Public IP : 76.X.X.X
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES256 DTLS-Tunnel: (1)AES256
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1 DTLS-Tunnel: (1)SHA1
Bytes Tx : 19134 Bytes Rx : 17796
Group Policy : vpngroup_no_split_tunnel
Tunnel Group : RADgroup_no_split_tunnel
Login Time : 20:14:59 EST Mon Jan 22 2018
Duration : 0h:00m:05s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : 0ac833010008c0005a668c93
Security Grp : none

ASA# sh run tunnel-group RADgroup_no_split_tunnel
tunnel-group RADgroup_no_split_tunnel type remote-access
tunnel-group RADgroup_no_split_tunnel general-attributes
address-pool toddsvpnpool
authentication-server-group RADIUS
default-group-policy vpngroup_no_split_tunnel
tunnel-group RADgroup_no_split_tunnel webvpn-attributes
group-alias vpngroup_no_split_tunnel enable
tunnel-group RADgroup_no_split_tunnel ipsec-attributes
ikev1 pre-shared-key *****

ASA# sh run group-policy vpngroup_no_split_tunnel
group-policy vpngroup_no_split_tunnel internal
group-policy vpngroup_no_split_tunnel attributes
wins-server value 10.10.2.1 10.20.2.60
dns-server value 10.10.2.1 10.10.2.2
vpn-idle-timeout 30
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless

ASA# sh run webvpn
webvpn
enable lan
enable outside2
anyconnect image disk0:/anyconnect-win-4.1.02011-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-4.1.02011-k9.pkg 2
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable