I'm not sure - because the policy has nothing to do with the VPN
You are using route based VPN, so the policy only allows or stops traffic inside the tunnel
users can authenticate, which is because the dial up vpn is configured correctly
but I'm pretty sure the policy is stopping users from connecting to internal resources
can you disable the auth part in the policy and see if it works then ?