When configuring the ACS portion you can use two methods: "Cisco ACS" downloadable access-lists, "Any Radius Server" downloadable access-lists (my favorite), or you can send the filter attribute which points the user to a defined acl on the ASA. Either way you choose, you will have to first create a network authorization profile which will have the radius attributes in the formats that are outlined in this guide. You will create an authorization policy that will call this authorization policy as the result when they meet this condition.
Let me know how things go, if you get stuck, please posts screenshots so I can help you further.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...