Deploying IPsec enforcement involves configuration of Active Directory, NAP CAs, HRAs, NAP health policy servers, remediation servers, and NAP clients. After an initial configuration in reporting mode, test enforcement mode on a subset of computers. Last, configure enforcement mode for all the computers on the secure network. After deploying enforcement mode, ongoing maintenance of IPsec enforcement consists of adding NAP clients, adding SHAs and SHVs, and managing NAP CAs and HRAs. To troubleshoot IPsec enforcement, verify network connectivity and configuration for NAP clients, HRAs, NAP CAs, NAP health policy servers, and remediation servers.