Planning and Design Considerations

When planning for the deployment of IPsec enforcement, you must consider the following:

Active Directory
PKI
HRAs
IPsec policies
NAP clients

Active Directory

You must consider the following planning and design issues for Active Directory:

IPsec NAP exemption group
Security groups or organizational units (OUs) for IPsec policy application
Security groups or OUs for NAP exceptions

IPsec NAP Exemption Group

You must create an IPsec exemption security group whose members are the remediation servers and HRAs in the boundary network. Remediation servers and HRAs will use certificate autoenrollment to obtain NAP exemption certificates, which are long-lived health certificates that remediation servers and HRAs can use to initiate ...

Get Windows Server® 2008 Networking and Network Access Protection (NAP) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Server® 2008 Networking and Network Access Protection (NAP) by

Planning and Design Considerations

Active Directory

IPsec NAP Exemption Group

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly