Enforcing VPN client health requirements using NAP
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
The following topics describe how to configure Forefront TMG to work with Network Access Protection (NAP) enforcement.
Important
Before configuring NAP enforcement, it is assumed that you have configured your virtual private network (VPN) and verified that the VPN connection is working properly.
Setting EAP as the authentication method for VPN clients—Describes how to configure Forefront TMG to use Extensible Authentication Protocol (EAP) for authenticating virtual private network (VPN) clients.
Configuring Forefront TMG as a RADIUS client—Describes how to set RADIUS as the network access protocol and the Network Policy Server (NPS) as the primary RADIUS server.
Enabling NAP-based quarantine control—Describes how to configure Forefront TMG to quarantine VPN clients according to RADIUS server policies.
Enabling quarantine for clients that are not NAP-capable—Describes how to configure Forefront TMG as a Remote Access Quarantine Agent (RQS) listener in order to support legacy clients.