Planning and Design Considerations

When planning for the deployment of IPsec enforcement, you must consider the following:

  • Active Directory

  • PKI

  • HRAs

  • IPsec policies

  • NAP clients

Active Directory

You must consider the following planning and design issues for Active Directory:

  • IPsec NAP exemption group

  • Security groups or organizational units (OUs) for IPsec policy application

  • Security groups or OUs for NAP exceptions

IPsec NAP Exemption Group

You must create an IPsec exemption security group whose members are the remediation servers and HRAs in the boundary network. Remediation servers and HRAs will use certificate autoenrollment to obtain NAP exemption certificates, which are long-lived health certificates that remediation servers and HRAs can use to initiate ...

Get Windows Server® 2008 Networking and Network Access Protection (NAP) now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.