I've recently just done this.

Syed has the acs part down.

Heres a sample config part for ASA.

group-policy VPNC_TEST_GP attributes

group-lock value TEST_VPN_GROUP

default-domain value MYDOMAIN.COM

tunnel-group TEST_VPN_GROUP type remote-access

tunnel-group TEST_VPN_GROUP general-attributes

address-pool TEST_POOL

authentication-server-group RAD_VPN_GRP LOCAL

accounting-server-group RAD_VPN_GRP

default-group-policy VPNC_TEST_GP

tunnel-group TEST_VPN_GROUP ipsec-attributes

pre-shared-key *

***********************

On ACS, Group setting Radius IETF ATTR 25

************************

OU=VPNC_TEST_GP;