Anonymous29
Jun 08, 2012

FirePass to APM Conversion - tcl help needed

I am hoping this is the correct forum ...

How do I replicate this functionality from the FirePass in APM? I make extensive use of Network Access, so rather than manage lots of resources and the associated assignments. To control IP address access on a per-user basis, this is stored in Active Directory in the notes field, which is basically free text, of the user profile. The entry looks like this ...

FirePass
VPN: 192.168.0.0/24 192.168.1.3 192.168.5.15 192.168.128.0/25
VPN_Exclude: 192.168.0.0/28

When the FirePass parses this it creates the session variables %session.ad.auth.vpn% and %session.ad.auth.vpn_exclude%, which contain their respective values. I then use the session variables as the Lan space address in the network access resource.

The APM handles this very differently. The session variable becomes attr.info and is set to '46697265506173730d0a56504e3a203139322e3136382e302e302f3234203139322e3136382e312e33203139322e3136382e352e3135203139322e3136382e3132382e302f32350d0a56504e5f4578636c7564653a203139322e3136382e302e302f3238', which is the hex ASCII representation. Ultimately I need to end up with a session variable such as attr.info.vpn, that would contain the list

192.168.0.0 255.255.255.0
192.168.1.3 255.255.255.255
192.168.5.15 255.255.255.255
192.168.128.0 255.255.255.128

I can use this in the network access resource in the same way as the FirePass. I am not familiar with Tcl, but I do know that I can use the binary format command to convert the session variable back to a string. I am wondering if anyone else has had to solve this problem or something similar or can help with the code.

Thanks.
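The conversion described in the post above, as an added example that is not part of the original post and is not F5's code: plain Tcl that decodes the hex-encoded attribute, picks one labelled line, and expands each entry to address and netmask. The proc names `prefix_to_mask` and `lan_space` are hypothetical, and the code assumes the hex value has already been read from the session variable; reading and writing APM session variables is not shown.

```tcl
# Added example (not from the original post). Proc names are hypothetical.

# Convert a prefix length (0-32) to a dotted-quad netmask.
proc prefix_to_mask {len} {
    set octets {}
    for {set i 0} {$i < 4} {incr i} {
        # Number of prefix bits that fall in this octet, clamped to 0..8.
        set bits [expr {$len - 8 * $i}]
        if {$bits < 0} { set bits 0 }
        if {$bits > 8} { set bits 8 }
        lappend octets [expr {(0xFF << (8 - $bits)) & 0xFF}]
    }
    return [join $octets .]
}

# Decode the hex-encoded attribute and return the "address netmask" entries
# found on the line that starts with "<label>:".
proc lan_space {hex label} {
    if {![regexp {^([0-9A-Fa-f]{2})+$} $hex]} {
        error "attribute is not an even-length hex string"
    }
    set text [string map [list "\r\n" "\n"] [binary format H* $hex]]
    set out {}
    foreach line [split $text "\n"] {
        # Compare the whole label so VPN does not also match VPN_Exclude.
        if {![regexp {^([A-Za-z_]+):(.*)$} $line -> name value]} continue
        if {$name ne $label} continue
        foreach entry [regexp -all -inline {\S+} $value] {
            # Fail closed: a malformed entry stops processing instead of
            # being silently skipped or widened.
            if {![regexp {^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$} $entry]} {
                error "malformed entry: $entry"
            }
            set len 32   ;# a bare address is a single host
            scan $entry "%d.%d.%d.%d/%d" a b c d len
            if {$a > 255 || $b > 255 || $c > 255 || $d > 255 || $len > 32} {
                error "value out of range: $entry"
            }
            lappend out "$a.$b.$c.$d [prefix_to_mask $len]"
        }
    }
    return $out
}

# The attr.info value quoted in the post above.
set info 46697265506173730d0a56504e3a203139322e3136382e302e302f3234203139322e3136382e312e33203139322e3136382e352e3135203139322e3136382e3132382e302f32350d0a56504e5f4578636c7564653a203139322e3136382e302e302f3238
puts [join [lan_space $info VPN] "\n"]
```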

 

 
