The problem probably is that you are running 6.3 for your FOS on a PIX. (I admit I didn't look at your config, given I just finished 3 hours wrestling with this myself).
That version of FOS on a Pix will not allow traffic to exit on an interface with equal or higher security. I.e. you are terminating your VPN onthe outside interface (thats where your pool is), and thats where your internet traffic wants to go. Problem is that security wise, thats a bridge, so the pix disallows the traffic.
From what I can tell the recommended solution is to upgrade to 7 if you have enough RAM (128 MB for a 515E fully loaded). In version 7 there is a command "same-security-traffic permit intra-interface" that you can do to move traffic back the way it came, especially VPN traffic.
Its what I did: upgraded, and redid my VPN and firewall rules "new style".
The actual upgrade took me less than an hour from the CCO download to the reload after the conversion, and the extra config work added about an hour so far (Mainly syntax differences I have to unlearn).
FOS 7 has a LOT of changes - its a lot more IOS-like, which means I can stop tripping over config modes, etc.
Think I had a similar problem with our Pix's and what it's related to is the stateful security that is provided by the Pix.
I'm assuming the inside users are able to access the internet fine and the name resolution is working for both inside and pptp clients.
Then it could that the Pix is not able to route traffic in and out the same interface (Doing stateful sec). This effectively is not allowing the clients to come in through the outside interface and the out again to access the internet.
There are several ways to rectify this but would suggest you look at split tunneling so that the clients are able to access the internet via their local connection and not via the VPN connection.
However what we found for our particular environment was that we replaced the Pixs with Routers
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :