We are using ASA, ACS, AD.
The problem is the user who are in disabled group in Active directory can remote access to intranet by SSL-VPN.
The ACS shows that auth fail by "External DB account disabled"
I think the user block by acive directory policy abu still authenticated and connect SSL-VPN.
I'd like block that user in disbaled group in AD.