I know this question seems more a micr****t question but still I want to give it a try since today I was struggling with that argument , create an account unit and make the Identity Awareness went pretty fine .
Users are authenticated with ldap ,defining an ldap group in such way
-Only group in branch (dn prefix) CN=test,OU=customer,DC=customer,DC=local does not seems to match the group test in the OU customer and the remote access traffic are hitting clean up rule
while define the group in the way
-Only Sub Tree CN=Users DC=customer,DC=local match my remote access rule with as a source the defined ldap group
Triple checked the path on the domain controller , looks like I'm missing something obvious here , if someone got some hint I'll appreciate it