Microsoft Windows client using L2TP over IPsec—Specify the PPP
authentication protocol. The choices are PAP, CHAP, MS-CHAP-V1, MS-CHAP-V2, and
PAP—Passes the cleartext username and password during
authentication and is not secure.
CHAP—In response to the server challenge, the client returns the
encrypted challenge plus password with a cleartext username. This protocol is
more secure than PAP, but it does not encrypt data.
MS-CHAP, Version 1—Similar to CHAP, but more secure in that the
server stores and compares only encrypted passwords rather than cleartext
passwords as in CHAP.
MS-CHAP, Version 2—Contains security enhancements over MS-CHAP,
EAP-Proxy—Enables EAP which permits the ASA to proxy the PPP
authentication process to an external RADIUS authentication server.
If a protocol is not specified on the remote client, do no