I suspect that all you need to do is add a route into your network for
the subnet allocated to the VPN users. You can do this on the fast
Internet ASA, but will also need to put this on the MPLS router, and/or
other routers in your network or via a routing protocol if you use one.
On the fast ASA you will also need to add the global command
same-security-traffic permit intra-interface
This allows it to route traffic back out of the same interface it received it from, and allows the ASA to act as a router.
This is to ensure that all locations ‘know’ about this subnet. The default route was effectively doing this job before, but now you have changed that to point to the fast ASA, there is no route to the VPN users subnet.