I have an ASA5520. Currently I have client VPNs coming into it. They authenticate via RADIUS to a Microsoft IAS server. The ASA has 2 licenses for SSL VPN. I want them reserved for my IT staff. I configured the AAA Server Group on it to point to the IAS server. The way IAS works is you create access policies for users to authenticate to. The first group they authenticate to is the one they use. Does anyone know how to configure the ASA so I can have 2 different groups for authentication? Do I need to go to LDAP?