I have a VPN3030 and a Cisco ACS 4.1 SE. I'm using WebVPN and want the URLs displayed to the remote access user to be dependent on the group w/in ACS. I created four external groups w/in the VPN3k and the URLs under each group. I also created the groups in ACS and the users w/in those groups. I tried adding âOU=groupname;â for IETF attribute #25, when I do that, the user authentication fails and in ACS I see the failure and a passed authentication. If I disable attribute 25 or disable authorization, I can authenticate but only get what's defined in the base group. What am I missing?