We have an ASA that allows remote VPN users. It connects to a Windows 2008 server. That server connects to a radius server, also Windows 2008. Things work fine if we enable PAP on the radius server, and the remote site server. If we disable PAP on either one, we lose the ability to authenticate. Is this unsafe ?