Freigeben über


Step By Step Guide: IPsec NAP Enforcement in a Test Lab

image

The NAP team has just released a Step-by-Step guide to setting up IPsec NAP Enforcement in a Test Lab.

This paper contains an introduction to NAP and instructions for setting up a test lab and deploying NAP with the IPsec enforcement method using two server computers and two client computers. The test lab lets you create and enforce client health requirements using NAP and IPsec.

The test lab consists of an intranet network assigned a private IP address range of 192.168.0.0/24 that is connected by a hub or switch.

image

In the test lab, NPS1 is on the boundary network, CLIENT1 is on the secure network, and CLIENT2 moves between the secure and restricted network, depending on its health status.

image

Download the rest of the guide here: https://www.microsoft.com/downloads/details.aspx?familyid=298ff956-1e6c-4d97-a3ed-7e7ffc4bed32&displaylang=en&tm

  1. NAP Product Team blog
  2. Microsoft Network Access Protection Web page
  3. Network Access Protection: Frequently Asked Questions
  4. Introduction to Network Access Protection white paper

Comments

  • Anonymous
    January 01, 2003
    PingBack from http://www.ditii.com/2008/02/14/demonstrate-nap-ipsec-enforcement-in-a-test-lab-step-by-step-guide/

  • Anonymous
    September 02, 2013
    Hi Is there any documentation available how to configure IPSEC policies for NAP deployment ? Also Is windows firewall service must be running on client computers for IPSEC NAP to work ? Best Regards Mahesh

  • Anonymous
    October 23, 2013
    Information about SSL certificate on NPS1 is missing in the document. The NPS1 machine will need a COMPUTER certificate to support SSL connections to the server. The SSL connections will come from NAP clients when they connect to the Health Registration Authority Web server on the NPS server machine. Before installing the NPS, HRA, and CA server roles on NPS1 you need to request a COMPUTER certificate from the CA installed on DC1. Later, when you have to choose an existing certificate for SSL encryption, the certificate is there and you can select it. Thanks!