I have an ASA5520 on which I have created a Tunnel-Group and Group-Policy to authenticate our remote Cisco VPN software clients via RADIUS. In addition, I have the ACS server set up to assign DHCP IP addresses to the users, as well as integrated AD authentication working for these users.
All this is working beautifully.
The last piece I can't seem to get working is pushing Downloadable ACLs to the users based on the user group the users are in on the ACS server. I have been able to configure a Downloadable ACL and associate it with the user group on the ACS, but the ACL is not applying on the ASA or to the user once the user connects and authenticates to the ASA.
What configurations need to be defined on the ASA to allow the Tunnel-Group and Group-Policy for the remote users to use the Downloadable ACL from the ACS server (e.g. vpn-filter or other ACL reference)?