07-24-2016 05:04 AM
Hi,
I am unable to take Remote Desktop of a server through the Cisco VPN client which is installed on a PC. Without connecting the VPN, I am able to log in on the same server with the user's AD credentials, but through the VPN I am not able to. Other users are working fine and able to connect. I deleted the VPN profile from the firewall and created it again, but the same issue is still there.
Getting the below error while taking remote desktop:
--------------------------------------------------------------------------------------------------------------------------------
Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
--------------------------------------------------------------------------------------------------------------------------------
07-24-2016 05:56 AM
Please check the connection details and make sure the VPN client is establishing a route to the remote server's network.
If that's OK, please check that the user (or group that the user belongs to) is not being given a VPN-ACL at the ASA.
07-24-2016 06:43 AM
Thank you, Sir, for your intervention. I have checked all the things suggested by you, especially the VPN-ACL, and all seem up to the mark.
Please find the below observations:
1. We are able to take RDP of the server when connecting the VPN using another user's credentials on the same system. Only this particular user is facing the issue.
2. Usually I log in to the VPN and take RDP from my system, but if I use the reported user's credentials on my system, the VPN shows connected but I am unable to take RDP.
It means there is some issue with the VPN profile only. I just recreated the profile but the same issue persists.
Are there any other things I can check for this issue?
07-24-2016 10:25 PM
Hi Vikas,
If we compare a working scenario and non-working scenario:
In working scenario and non-working:
Please send me "show vpn-se ra-i filter name <user_name>"
Also, does authentication happen against an AAA server? If yes, then what is that server?
Are there specific RADIUS attributes given to that non-working user?
Try also to remove the user from the AAA server and re-create it again. I faced a similar issue before and this helped resolve it.
07-24-2016 10:52 PM
Hi Dina,
Thanks for your response!
Please find the attachment for show vpn-se ra-i filter name <user_name>
Note: Non-working user - ilyas & working user - Imtiaz
AAA server authentication is happening through our AD server and that is fine, because the non-working user (ilyas) is able to take remote desktop without connecting the VPN, but he is facing the issue only when he tries to connect with the VPN.
What else can I do in troubleshooting? Please advise.
07-24-2016 11:13 PM
Hi Vikas,
Comparing the working user and the non-working user, the working user is able to transmit traffic:
Username     : imtiaz                 Index        : 9819
Assigned IP  : 10.164.205.143         Public IP    : X.X.X.X
Protocol     : IKEv1 IPsecOverNatT
License      : Other VPN
Encryption   : AES256 AES128          Hashing      : SHA1 SHA1
Bytes Tx     : 92011                  Bytes Rx     : 108861
Whereas the non-working user is unable to do that:
Username     : ilyas                  Index        : 9820
Assigned IP  : 10.164.205.143         Public IP    : X.X.X.X
Protocol     : IKEv1 IPsecOverNatT
License      : Other VPN
Encryption   : AES256 AES128          Hashing      : SHA1 SHA1
Bytes Tx     : 0                      Bytes Rx     : 5493
User "ilyas" is unable to reach anything? Or only RDP to the server? Try to ping anything from this user; is it pingable?
Do you have any Identity Firewall setup on your network?
Back to our previous question, are there any specific attributes assigned to that user from the AD?
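The working versus non-working comparison in the post above can be automated when there are many sessions to check. This is an added example, not part of the original thread: it parses session records by their field labels (an assumption that fits the output as quoted here, flattened or in columns), reports sessions with Bytes Tx at 0 while Bytes Rx is non-zero, and lists which fields differ between two sessions. The sample records are copied from the post above.

```python
import re

# Field labels as they appear in the session output quoted in the thread.
FIELDS = ["Username", "Index", "Assigned IP", "Public IP", "Protocol",
          "License", "Encryption", "Hashing", "Bytes Tx", "Bytes Rx"]
FIELD_RE = re.compile(r"(%s)\s*:\s*" % "|".join(map(re.escape, FIELDS)))

# Sample input: first record in column layout, second flattened onto one line.
SAMPLE = """
Username     : imtiaz                 Index        : 9819
Assigned IP  : 10.164.205.143         Public IP    : X.X.X.X
Protocol     : IKEv1 IPsecOverNatT
License      : Other VPN
Encryption   : AES256 AES128          Hashing      : SHA1 SHA1
Bytes Tx     : 92011                  Bytes Rx     : 108861

Username : ilyas Index : 9820 Assigned IP : 10.164.205.143 Public IP : X.X.X.X Protocol : IKEv1 IPsecOverNatT License : Other VPN Encryption : AES256 AES128 Hashing : SHA1 SHA1 Bytes Tx : 0 Bytes Rx : 5493
"""

def parse_sessions(text):
    """Return one dict per session; a new session starts at each Username."""
    parts = FIELD_RE.split(text)  # [preamble, key, value, key, value, ...]
    sessions = []
    for key, value in zip(parts[1::2], parts[2::2]):
        if key == "Username":
            sessions.append({})
        if sessions:
            sessions[-1][key] = " ".join(value.split())  # collapse padding
    return sessions

def one_way_sessions(sessions):
    """Usernames of connected sessions with Bytes Tx == 0 and Bytes Rx > 0."""
    flagged = []
    for s in sessions:
        try:
            tx, rx = int(s["Bytes Tx"]), int(s["Bytes Rx"])
        except (KeyError, ValueError):
            continue  # incomplete or non-numeric record: skip it
        if tx == 0 and rx > 0:
            flagged.append(s["Username"])
    return flagged

def differing_fields(a, b):
    """Field labels whose values differ between two session dicts."""
    return {k for k in FIELDS if a.get(k) != b.get(k)}

if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE)
    print("one-way sessions:", one_way_sessions(sessions))
    print("fields that differ:", sorted(differing_fields(*sessions)))
```

When the tunnel parameters are identical and only the byte counters differ, as here, the next place to look is per-user policy: VPN filters, dynamic access policies and identity-based firewall rules.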
07-24-2016 11:54 PM
07-25-2016 12:09 AM
Hi Vikas,
Please see this link to see what I mean so far with Identity Firewall:
https://supportforums.cisco.com/document/80646/asa-idfw-identity-firewall-step-step-configuration
Let me know also if we have any Identity Firewall setup on our ASA.
07-25-2016 05:58 AM
Also have a check for any dynamic access policies.
show running-config all dynamic-access-policy-record
One other thing - are both users RDPing to the server via its IP address or are they using DNS FQDN?
If the latter, verify that it can resolve for the non-working user via nslookup.
07-26-2016 06:12 AM
Hi Marvin,
Working and non-working users won't be able to ping the RD server as ICMP is blocked. And both users are not able to ping DNS either.
Monitoring > VPN > VPN Statistics > Sessions: (ByteTx is showing as 0 while ByteRx is showing connections, so it means the non-working user is unable to transfer the traffic ...)
07-27-2016 10:34 PM
Dear All,
Thank you so much for your views and support. As I am new in security, the solution was challenging for me, but at last I found the solution after struggling, and I am feeling very good now.
Solution: In the firewall, the user was not added in the User Group of RDP, so after adding the same the issue has been resolved.
Config>Firewall>Object>UserGroup
Once again, thank you guys! This is my first experience in the Cisco community and it was a really great experience.
:)
Regards,
MaddyV
07-27-2016 10:44 PM
Hi Maddy,
Yes, this is what I suspected here; that's why I asked if we have any Identity Firewall configuration on your ASA.
Nice so far to see your issue resolved :)
07-27-2016 10:47 PM
:)
10-11-2017 09:52 PM