We are currently using a VPN Concentrator 3030 for remote access VPN tunnels. We plan on migrating to the ASA 5520 series for IPSec client connectivity. We'd like to be able to download RADIUS attributes from ACS 4.0 so we do not have to maintain a ton of different groups locally on the ASA. Has anyone tested split-tunnel lists, downloadable ACLs, etc. with ACS 4.0 and the ASAs?