Planning and Design Considerations
When planning for the deployment of IPsec enforcement, you must consider the following:
Active Directory
PKI
HRAs
IPsec policies
NAP clients
Active Directory
You must consider the following planning and design issues for Active Directory:
IPsec NAP exemption group
Security groups or organizational units (OUs) for IPsec policy application
Security groups or OUs for NAP exceptions
IPsec NAP Exemption Group
You must create an IPsec exemption security group whose members are the remediation servers and HRAs in the boundary network. Remediation servers and HRAs will use certificate autoenrollment to obtain NAP exemption certificates, which are long-lived health certificates that remediation servers and HRAs can use to initiate ...
Get Windows Server® 2008 Networking and Network Access Protection (NAP) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.