The configuration did not have a nat (inside) 0 command to an Access Control List (ACL) to designate that the traffic from the internal subnets destined for the VPN pool would not have Network Address Translation (NAT) applied. The return traffic was using NAT and the connection was failing.
Create an ACL that permits the internal subnet to the VPN pool, and then point the nat (inside) 0 command to that ACL.
A partial sample configuration follows:
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat