By default, Cisco want to have a two-way authentication, so even if the Cisco NAS calls another device, it expects it to authenticate to itself, the caller.
In contrast, Ascend does not allow itself to authenticate to peers calling in.
To solve this, Cisco added an option to request authentication only for incoming calls. The interface subcommand to achieve this is "ppp authentication chap callin".