To validate your RA tunnels I would start by looking at the tunnel group names with their respective IP local Pool network and compare what type of access they have in the nonat access lists..
for example:
assume you have a RA tunnel group called ratunnel
and a Ip local pool of 200.200.200.1-200.200.200.254 for the RA vpn users.
and you have inside network of 10.10.10.0/24 coming off your firewall inside interface where your inside resources are.
then look at your nonat access list as bellow , you can then say by looking at the nonat acl bellow that any RA vpn client using ratunnel group to connect to your corporate network have access to any host in 10.10.10.0/24 network. You would have to do this validation check for each of the nonat acls pertaining to any other tunnel group names you may have , and also any nonat acl pointing to any other interfaces in your firewall like DMZ interface etc..
access-list inside_nat0_outbound extended permit ip 10.10.10.0 255.255.255.0 200.200.200.0 255.255.255.0
Also you may look at vpn filters that may be apply to particular VPN user for that tunnel.
Rgds
Jorge
Jorge Rodriguez