The setup is an ASA for AnyConnect with Microsoft NPS(RADIUS), the NPS is for authenticate users, applies a NPS Policy.
Then the ASA apply correct GroupPolicy for a user.The ASA check with NPS if the user is a AD-group that are allow to use VPN, depending on the AD-group different NPS-policy are applied. NPS-policy's has different RADIUS class 25 values, the values are GroupPolicy's on the ASA. The NPS respond to ASA so right ASA GroupPolicy applied on the user, the GroupPolicy on the ASA then map users to different DHCP-pools.
But after upgrade from ASA 188.8.131.52 to later version 9.12.4.xx, the ASA doesn't seems to read the RADIUS Class 25 value correct. User doesn't get the right GroupPolicy, users just gets default GroupPolicy for ConnectionProfile.
Has someone else encountered this problem after upgrade from ASA 184.108.40.206?
Setup: ASA5512-X with asa220.127.116.11 or asa18.104.22.168