I am somewhat familiar with radius/tacacs authentication for VPNs on ASA firewalls(and somewhat on IOS router based VPN). What have been able to do using MS IAS radius is have radius return the group policy name for a given user based on group membership. What I am wondering is if the policy itself can be stored in MS IAS, or, more importantly, if the group name/parameters can be specificed using cisco TACACS+ instead of radius for vpn authentication/authorization.