What I have:
On ASA I have an Anyconnect Connect Profile, in this profile, I have a default Policy (the system is forcing me to add one policy, I have a URL https://url1/radius and the AAA is Radius.
On RSA (RADIUS Server) I have the agent that communicates with the ASA (is working ok) I am able to authenticate all the users from MY RSA Server to VPN.
I have two profile Profile1 Return List Attributes: Cisco-AVPAIR[M][O] ou=POLICY1
Profile2 Return List Attributes: Cisco-AVPAIR[M][O] ou=POLICY2
I have assigned the Profile1 to user 1 and Profile2 to user2
and I have checked the options Sent user's RADIUS Profile when both user and agent have profiles assigned to them
But still, both user1 and user2 when are using https://url1/radius they have the default policy for authorization, not the POLICY1 or POLICY2
What I am doing wrong?