We have an ASA 5505 and its configured to use a Freeradius server that authenticates using openLDAP. I’m trying to configure Dynamic Access Policies to restrict access based upon what group a user belongs to. In LDAP I have an attribute called vpnaccess with values “systems” and “common”. Also, I’ve created an LDAP Attribute Map mapping the vpnaccess to `Cisco IETF-Radius-Class’, mapped the two attribute values to Cisco Attribute Values. I think this is where I get hung up. I created a DAP policy with a AAA Attribute: Radius.25 = vpnAccess. When I connect it doesn’t select my DAP policy but falls through and selects the DflltAccessPolicy which I have configured to terminate the connection.