please give me an advice. I have the following problem. I correctly authenticate remote VPN users outside ASA 5520 via ACS appliance and MS active directory db via DOT1X profile in ACS. Dot1x NAC properly works in normal LAN when using Trust agent. ACS's log shows me passed authentication when trying across VPN but it doesnt receive any posture token so no NAC action happens. I try to run another profile, NAC L3. Everything seems to be correctly configured but ACS ignores the profile, it just shows me that "There is no profile to match" when I turn of Dot1x profile. VPN connection is ok, NAC is enabled in ASA, I have already double checked all possible configuration ... Dont you know what else need to be done to run NAC across VPN???