I'm run a ACS 2.4.3\NAS (radius) dial-in service, and when the dial-in user come in, they are authenticated and given a static IP.

What I would like to do is also apply an outward-bound (on the NAS i/f) ACL that restricts the user to only going to destination address's I specify.

How is it done, as I don't undertsand how to configure AV pair 242 (assuming it is 242)?