
VPN log in, but do not access to the host on specified port

Bledar Meta
Level 1

I have configured an IPsec remote access VPN.

The VPN connects, receives an IP from the pool I have configured, everything is OK.

I use ASA as firewall and ACS for users.

As you can see in the log from the ASA:

access-list #acsacl line 1 extended permit tcp 192.168.1.0 255.255.255.0 host 10.220.220.5 eq 1988 (hitcnt=0)

access-list #acsacl line 2 extended deny ip any any (hitcnt=59)

Line 1 does not have any hitcnt, the request goes directly to line 2. The ACL above is configured on ACS, so I don't access host 10.220.220.5 on port 1988.

Any idea?

1 Reply

Hi,

If you added the "deny ip any any" please remove it, there is an implicit deny rule by definition.

On the other hand, what is this ACL for? split-tunneling or VPN filter? Is the 192.168.1.0/24 network the VPN pool?

Thanks.
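
As an added example (not part of the original thread, and not ASA code): a minimal first-match evaluator for the two ACL lines quoted in the question, showing which packets count against line 1 and which fall through to line 2. The parser covers only the syntax in those two lines, and the sample packets are constructed, since the thread does not state the VPN pool or the client address.

```python
import ipaddress

# The two ACL lines from the question, hit counters removed.
ACL_TEXT = """\
access-list #acsacl line 1 extended permit tcp 192.168.1.0 255.255.255.0 host 10.220.220.5 eq 1988
access-list #acsacl line 2 extended deny ip any any
"""

def take_addr(tok):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    """Parse the subset of extended-ACL syntax that appears in the post."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        tok = tok[tok.index("extended") + 1:]
        action, proto, tok = tok[0], tok[1], tok[2:]
        src, tok = take_addr(tok)
        dst, tok = take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "src": src,
                      "dst": dst, "port": port, "hitcnt": 0})
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins: return (line number, action) and bump its hitcnt."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and r["port"] in (None, dport)):
            r["hitcnt"] += 1
            return n, r["action"]
    return None, "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    # Constructed packets: only the first satisfies every field of line 1.
    for pkt in [("tcp", "192.168.1.10", "10.220.220.5", 1988),
                ("tcp", "192.168.2.10", "10.220.220.5", 1988),  # source outside 192.168.1.0/24
                ("udp", "192.168.1.10", "10.220.220.5", 1988),  # wrong protocol
                ("tcp", "192.168.1.10", "10.220.220.5", 80)]:   # wrong port
        print(pkt, "->", evaluate(rules, *pkt))
    print([(r["action"], r["hitcnt"]) for r in rules])
```

A hitcnt of 0 on line 1 means that no packet matched all of its fields at once: protocol, source network, destination host and destination port.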