@helene
In the end It was never integrated into the IPSec RFCs for good reasons but the whole industry created VPN-Appliances and client software with XAUTH that was completely incompatible between vendors. It was an "industry standard" that never worked and the quality of the (mostly windows) client software was abysmal.
(And the software in the appliances was not much better...)
(Mind you, that was around 2000, but then Windows 2000 and following had (and IMHO still has) quite a clean IPSec implementation... MS abstained from XAUTH for good reasons.)