Trying to understand how PAP works.

http://deployingradius.com/book/concepts/nas.html <- what is NAS

https://www.ciscopress.com/articles/article.asp?p=1218144&seqNum=2 <- very good article

SSLVPN security considerations

Security Threats

The following sections look at the common security risks that are associated with SSL VPNs.

Lack of Security on Unmanaged Computers

As mentioned earlier, SSL VPNs can support users coming from any computer on the Internet,
such as public domain machines (for example, kiosk PCs) that are not controlled by the corporate
IT department. This department ensures that the machines have proper service packs and security
software, such as antivirus software. This poses a major threat to security. If, for example, SSL
VPN users sign in to the SSL VPN from a compromised or infected PC, they can become a
source for spreading viruses, worms, network attacks, and Trojan horses into the corporate
network.

Several other security risks mentioned in the sections that follow are also related to these security
threats. In general, as you deal with uncontrolled endpoints, you face increased security risks.

Network Admission Control (NAC): This is an emerging technology that addresses security compliance
enforcement issues. The basic idea is to make sure that the endpoints are compliant with corporate
security policies, such as having proper antivirus software and Windows patching level, before the
network devices grant users access to network resources. The endpoint security integrity checking that
we just discussed is a form of Network Admission Control, and it can be integrated with the overall NAC
framework to provide a consistent security validation for all types of network access methods.