Hi ,I have successfully configured remote access VPN for router ,it is connected ,but no access to inside ,none of my ip's .I am sure SPLIT_ACL is ok and I have denied NATting them .For me everything is ok .I have done a lot it in ASA without anyproblem.Thanks for comments.

enable secret 5 $1$y0AJ$rhrjbrpe5NDiAyHGlfeNi/

!

aaa new-model

!

!

aaa authentication login bcc_users local

aaa authorization network bcc_group local

!

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

!

crypto isakmp client configuration group ra_vpn_bcc

key *********

dns 8.8.8.8

domain bcc.local

pool vpn_pool

acl SPLIT_ACL

max-users 7

netmask 255.255.255.0

!

!

crypto ipsec transform-set myset esp-aes esp-sha-hmac

mode tunnel

!

!

!

crypto dynamic-map dynmap 10

set transform-set myset

reverse-route

!

!

crypto map CRYPTO_VPN client authentication list bcc_users

crypto map CRYPTO_VPN isakmp authorization list bcc_group

crypto map CRYPTO_VPN client configuration address respond

crypto map CRYPTO_VPN 10 ipsec-isakmp dynamic dynmap

!

!        

interface GigabitEthernet0/0/4

ip address %%%%%%%%%%%

ip nat outside

negotiation auto

bfd interval 50 min_rx 50 multiplier 5

crypto map CRYPTO_VPN

!

!

ip local pool vpn_pool 172.31.255.0 172.31.255.250

ip access-list extended NAT

deny   ip 10.0.0.0 0.255.255.255 172.31.255.0 0.0.0.255

deny   ip 172.16.0.0 0.0.255.255 172.31.255.0 0.0.0.255

deny   ip 192.168.0.0 0.0.255.255 172.31.255.0 0.0.0.255

permit ip 172.16.0.0 0.15.255.255 any

permit ip 192.168.0.0 0.0.255.255 any

permit ip 10.0.0.0 0.255.255.255 any

ip access-list extended SPLIT_ACL

permit ip 10.0.0.0 0.255.255.255 172.31.255.0 0.0.0.255

permit ip 172.16.0.0 0.0.255.255 172.31.255.0 0.0.0.255

permit ip 192.168.0.0 0.0.255.255 172.31.255.0 0.0.0.255