We have ISE authentication on VPN, when successful ISE returns the session timout, idle timeout and the Group Policy . The Group Policy configured on the FMC also sets the session and idle timeouts. We appear to be getting mixed results, some users are getting ISE limits and some are getting the Group Policy limits. Which is supposed to have priority?