I ran into an issue with a customer where we setup his remote-access vpn via ASDM and used the same name (eg. itvpn) for the group-policy and tunnel-group. After putting the ASA on the network we were able to connect via VPN client, however we never saw any traffic being decrypted at the client end.
I then removed all the config from the CLI related to the remote-access vpn and put it back in via the CLI (instead of ASDM). The only difference I can see between the two configs is the second one I used a different name for the group-policy (eg. itvpnpolicy) and tunnel-group(eg. itvpn). We were then able to see decrypted packets at the client end and everything worked.
Does anyone have a working configuration where they are using the same name for both the group-policy and tunnel-group? Am I nuts in thinking you can't use the same name for both? Just curious if maybe I'm missing something when comparing the two configs.