I replaced Old pix with ASA (7.2). There were groups configured for remote VPN users authenticated through the ACS and ACS download a specific ACL for each group to the PIX. After replacement, Users cannot establish the VPN connection.After troubleshooting I discovered that Downloadable ACL were not working fine. When I disabled this option the tunnel established. When I return back to the old pix with the same configuration,it works fine with downloadable ACL option. I opened a TAC case and he said the ACS v3.0 (which i have) are not compatible with ASA. he didnt convince me really and he asked to try to use the AV pair option. I tried AV pair option with ASA and it was not working also. can you please advice.
Check this out,
Also, 3.0 is very old, and I suppose in that version we had "Downloadable PIX ACLs" and not "Downloadable IP ACLs", On ASA Download able ACL will work but with "Downloadable IP ACLs" but not with "Downloadable PIX ACLs".