Delete the untrust to trust policy allow-dynvpn-internal; you cannot use a security policy to control dynamic VPN access. You need to have an any any policy. In your case you need to specify the dynamic VPN policy from untrust to trust, as the groups config won't take effect if there are no policies in that context.
Step 1 - Delete the current untrust to trust policy.
Step 2 - Configure an any any policy with dyn-vpn between untrust and trust.
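The two steps above written out as Junos configuration-mode commands, as an added example that is not part of the original post. The new policy name `dyn-vpn-policy` and the VPN name `DYN-VPN-NAME` are placeholders (assumptions); use the VPN name already defined under `security ipsec vpn` on the device.

```junos
# Step 1: remove the existing untrust -> trust policy named in the post
delete security policies from-zone untrust to-zone trust policy allow-dynvpn-internal

# Step 2: any/any policy that hands matching traffic to the dynamic VPN tunnel
# (dyn-vpn-policy and DYN-VPN-NAME are placeholder names)
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy match source-address any
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy match destination-address any
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy match application any
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy then permit tunnel ipsec-vpn DYN-VPN-NAME

# Validate before activating, then review the resulting policy context
commit check
show security policies from-zone untrust to-zone trust
```

Because the policy matches any source, destination and application, what a connected user can reach is not narrowed by this policy, so review which resources the dynamic VPN configuration itself exposes to each client.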