NAP with IPsec enforcement works in conjunction with connection security policies. Briefly, NAP with IPsec enforcement works by issuing system health certificates to compliant clients. You enforce connection security policies, covered in Lesson 2, on all hosts on the network and ensure that connections can be authenticated only with system health certificates. Administrators install these certificates manually on important servers that are not subject to the NAP process so that they can be authenticated by the connection security policies applied throughout the domain.

The IPsec enforcement method requires you to deploy the Health Registration Authority (HRA) role service and to have an existing PKI. You learn about deploying Windows Server 2008 Certificate Services in Chapter 7. The HRA role service is responsible for managing the distribution of system health certificates to NAP-compliant clients through a web application called DomainHRA. If you are using IPsec enforcement as well as enabling the IPsec Relying Party enforcement client, you must specify the Health Registration Authority web site address for clients through Group Policy. In large organizations, deploy multiple HRAs for fault tolerance.

You use the Configure NAP wizard on the Network Policy Server and then select the IPsec with Health Registration Authority (HRA) network connection method, as shown in Figure 4-30. You then specify the NAP enforcement servers that have the HRA installed, select the computer groups the policy applies to (select no computer groups to apply the policy globally), select the SHVs you want to use and whether you want to enable auto-remediation, and then finish the wizard.

FIGURE 4-30 Configuring IPsec enforcement.

You need to configure an isolation connection security rule that uses system health certificates for authentication, as shown in Figure 4-31. When beginning a deployment of NAP with IPsec enforcement, you can have the connection security rule use the Request Authentication option, but for strict NAP with IPsec enforcement, use the Require Authentication For Inbound And Outbound Connections option. This ensures that only healthy clients are able to communicate with important servers on the network.

[Screenshot: New Connection Security Rule Wizard, Authentication Method page. Options shown: Default; Computer and user (Kerberos V5); Computer (Kerberos V5); Computer certificate, with CA name DC=internal, DC=contoso, CN=contoso-GLASGOW-CA and the "Only accept health certificates" check box.]
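The isolation rule described above can also be created from the command line with `netsh advfirewall consec`. The script below is an added example, not part of the original text; the rule name and the CA distinguished name are placeholders you must replace. It creates the rule in request mode for the initial rollout and switches it to require mode for strict enforcement.

```bat
@echo off
rem Added example. RULE and CA_DN are placeholders, not values from the text.
setlocal
set "RULE=NAP IPsec isolation"
rem Placeholder: distinguished name of the CA that issues system health certificates.
set "CA_DN=CN=EXAMPLE-HEALTH-CA,DC=example,DC=test"

if /i "%~1"=="request" goto :request
if /i "%~1"=="require" goto :require
if /i "%~1"=="show" goto :show
echo Usage: %~nx0 request ^| require ^| show
exit /b 1

:request
rem Initial deployment: authentication is requested but not required, so hosts
rem without a health certificate can still connect while you confirm that
rem compliant clients are receiving certificates from the HRA.
rem auth1healthcert=yes corresponds to "Only accept health certificates".
netsh advfirewall consec add rule name="%RULE%" ^
  endpoint1=any endpoint2=any ^
  action=requestinrequestout ^
  auth1=computercert auth1ca="%CA_DN%" auth1healthcert=yes
exit /b %errorlevel%

:require
rem Strict enforcement: inbound and outbound connections must authenticate
rem with a health certificate. Servers exempt from NAP need a manually
rem installed certificate before this is applied, or they become unreachable.
netsh advfirewall consec set rule name="%RULE%" new action=requireinrequireout
exit /b %errorlevel%

:show
rem Confirm the action and the health certificate setting currently in effect.
netsh advfirewall consec show rule name="%RULE%"
exit /b %errorlevel%
```

Run it from an elevated command prompt; in a domain you would normally define the same rule in a Group Policy object so it applies to all hosts.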