why remote users using their Cisco VPN software client are not able to reach the 172.16.0.0 networks behind R1 once they successfully VPN into R1?
What as-path access-list regular expression should be applied no R2 as a neighbor filter-list to only allow updates with an origin of AS65503?