There's a possible authentication bypass when LDAP is used for CHAP/MS-CHAP in Cisco's VPN. An attacker can access your internal network without providing any authentication at all.
This is quite serious for those running LDAP on PIXes and ASAs.
As far as I can remember, when comparing ISA Server and Cisco's firewalls, ISA Server has not had a single serious attack of this type so far. Go ISA Server!