We are setting up a new VPN using a ASA5500 that sends authentication requests to an ACS that int turn forwards the authentication a RSA securid server. When using the MS L2TP client the only wat to get it to work is by using PAP. How secure is this? Is the authentication encapsulated in IPSEC? Since we are using sureid tokens if the username and password is sent in cleartext is there a real problem if someone does intercept it?
I have this problem too.