It's not possible to replicate ACLs anymore (that is, from the author instance to the publish instance).
This behavior is by design.
The ACLs in CQ5 are content-centric, and not user-centric as in CQ4. Usually you have different access rights on publish and author from a content perspective. So it makes no sense to replicate the content-centric ACLs anymore.
With a CUG (closed user group), Adobe is working on an out-of-the-box solution. In the pageprops of a page, it will allow you to protect this page (and all subpages) by a specific CUG. That way, only users that are members of a specific group have access. The ACL on the publish is set on the publish itself automatically if the page is activated.