The ASA and DHCP server are directly connected. There is only one L2 switch between them.
The route between DHCP and AnyConnect VPN works properly.
Packet tracer below:
Latest config:
group-policy TEST-POLICY internal
group-policy TEST-POLICY attributes
 wins-server none
 dns-server value 1.1.1.1 2.2.2.2
 dhcp-network-scope 192.168.0.0
 vpn-simultaneous-logins 2
 vpn-session-timeout 1200
 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
 ip-comp disable
 split-tunnel-policy tunnelspecified
 ipv6-split-tunnel-policy tunnelall
 split-tunnel-network-list value VPN-Filter-Split-Tunneling
 default-domain none
 split-dns none
 split-tunnel-all-dns enable
 client-bypass-protocol enable
 address-pools none
 ipv6-address-pools none
 webvpn
  anyconnect ssl dtls enable
  anyconnect mtu 1406
  anyconnect keep-installer installed
  anyconnect ssl keepalive 15
  anyconnect ssl compression none
  anyconnect dtls compression none
  anyconnect modules none
  anyconnect profiles value TEST-PROFILE type user
  anyconnect ask none default anyconnect
  anyconnect ssl df-bit-ignore disable
  always-on-vpn profile-setting
TUNNEL:
tunnel-group TEST-TUNNEL type remote-access
tunnel-group TEST-TUNNEL general-attributes
 authentication-server-group [Active Directory]
 default-group-policy TEST-POLICY
 dhcp-server x.x.x.x
 dhcp-server subnet-selection 192.168.0.0
tunnel-group TEST-TUNNEL webvpn-attributes
 group-alias VPN enable