I have hit the same challenge, where I need to authenticate the users against AD and I don't want to use the local CiscoSecure Database in ACS. For hundreds of users, there is no way I'm going to manage a database in ACS for user access. I have to manage the users in AD. I opened a case with Cisco and MS-CHAP is not supported by Cisco ACS, as I was provided this URL link: