While setting up per user ACLs in RADIUS for my VPN users I noticed some issues with current on-line documentation. I am using a Cisco ASA 9.2(2) as the VPN concentrator and FreeRADIUS 3.0.2 as the RADIUS server. In the RADIUS users file you need to add your ACLs in this manner:
testuser1 Cleartext-Password := "testme"
Cisco-AVPair = "ip:inacl#101=permit ip any 192.168.1.0 255.255.255.0",
Cisco-AVPair += "ip:inacl#102=deny ip any any",
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.255.97,
Framed-IP-Netmask = 255.255.255.0,
Reply-Message = "This is a test message"
You should notice the use of "ip:inacl" not "ip.inacl" as most current on-line documentation suggests. Also, make sure you use "+=" for every line other than the first.