No.
L2TP over IPSec only supports PAP based authentication. The standard provides no way to do both a machine and user authentication.
When AnyConnect gets released for MX then you could use something like Cisco ISE to achieve this (as pointed out by @CptnCrnch ).
TEAP is the long term dream goal, but we need RADIUS servers to be upgraded to support this, and much broader client support. Give it 7 more years.