On a Cisco ASA, which of the following RADIUS authentication protocols are not supported? (Select 2 choices.)

A.
CHAP

B.
EAPMD5

C.
PAP

D.
PEAP

E.
MSCHAPv1

F.
MSCHAPv2

Explanation:
Neither Extensible Authentication Protocol (EAP)Message Digest 5 (MD5) nor Protected EAP (PEAP) are
supported by the Remote Authentication DialIn User Service (RADIUS) server on a Cisco Adaptive Security
Appliance (ASA). RADIUS is an Authentication, Authorization, and Accounting (AAA) server that uses User
Datagram Protocol (UDP) for packet delivery.
RADIUS and Terminal Access Controller Access Control System Plus (TACACS+) server groups on a
Cisco ASA support Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP version 1
(MSCHAPv1), and Password Authentication Protocol (PAP). A Cisco ASA supports a number of different AAA
server types, such as RADIUS, TACACS+, Lightweight Directory Access Protocol (LDAP), Kerberos, and RSA
Security Dynamics, Inc. (SDI) servers.
When authenticating with a TACACS+ server, a Cisco ASA can use the following authentication protocols:
– ASCII
– PAP
– CHAP
– MSCHAPv1
When authenticating with a RADIUS server, a Cisco ASA can use the following authentication protocols:
– PAP
– CHAP
– MSCHAPv1
– MSCHAP version 2 (MSCHAPv2)
– Authentication Proxy Mode (for example, RADIUS to RSA/SDI, RADIUS to Active Directory, and others)
Cisco: Configuring AAA Servers and the Local Database: RADIUS Server SupportCisco: Configuring AAA
Servers and the Local Database: TACACS+ Server Support