I'm doing this lab on GNS.
The topology is for remote access VPN using Cisco VPN Client & ASA with pre-shared keys.
ASA1 is the Easy VPN server.
I'm using ASA 8.4
network between R1 & ASA1 - 10.1.101.0/24
network between R2 & ASA1 - 192.168.1.0/24
network between R2 & cloud - 192.168.2.0/24
Default routes from R1 to ASA1
Default route from ASA1 to R2
R1 - loo1- 1.1.1.1/24
The cloud is the PC being used for remote access connections.
PC IP address (the cloud) - 192.168.2.200
There is a static route from the PC to ASA1's outside int (192.168.1.10).
ISAKMP parameters - PSK, 3DES, SHA, gr-2
IPsec parameters - 3DES, SHA
Username remoteuser & pass user123 are created on ASA1.
Address pool - 192.168.21.1-192.168.21.5
The user's (i.e., the PC's; the cloud in the diagram) traffic destined to IP 1.1.1.1 should be encrypted; the remaining traffic should be sent out in clear text. This is the task.
config on asa1#
crypto ikev1 enable outside
#cry ikev1 policy 1
auth pre-shared
encr 3des
hash sha
gr 2
#cry ipsec ikev1 tra TSET esp-3des esp-sha
#ip local pool EZ-POOL 192.168.21.1-192.168.21.5 mask 255.255.255.0
#access-list SPLIT standard permit host 1.1.1.1
#group-policy SPLIT internal
#group-policy SPLIT attributes
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT
#tunnel-gr SALES type remo
#tunnel-gr SALES general-attributes
default-group-policy SPLIT
address-pool EZ-POOL
#tunnel-gr SALES ipsec-attributes
ikev1 pre-shared-key cisco123
#cry dynamic-map D-MAP 10 set tra TSET
#cry map MAP 1 ipsec-isakmp dynamic D-MAP
#cry map MAP int outside
#username remoteuser pass user123
#username remoteuser attributes
vpn-group-policy SPLIT
#route inside 1.1.1.0 255.255.255.0 10.1.101.1
Also, there is a static route from the PC to 192.168.2.2 (R2's int).
Now, when I connected to the ASA's outside int (192.168.1.10) through the VPN client software on my PC with group name SALES, pass cisco123,
and user remoteuser, pass user123,
I got connected.
But when I tried to ping 1.1.1.1 from the cmd prompt on my PC, I wasn't able to.
The packets are not getting decrypted on my side.
Also, there are no packets getting decrypted on the ASA (when I typed #sh cry ipsec sa).
An address is being assigned from the pool to my PC.
When I checked (#logging on) & (#debug cry isakmp 50) on the ASA, the PHASE-1 & PHASE-2 completed messages are being shown. The tunnel is established, but the packets are not getting decrypted on the ASA side.
Can anyone please address my issue?
I'm unable to understand what the problem is with encryption and decryption!
Thank you,