NAP IPsec vs. Windows 2000

  • Question

  • I am looking into deploying NAP with IPsec Enforcement.

    But since we have a large number of Windows 2000 and 2003 servers I was wondering how these would be handled.

    I know there is no NAP client for Windows 2000 and 2003, but can I set up IPsec Enforcement so that only compliant machines are able to communicate with these servers?

    According to this:


    You can set up a restricted network:

    "Restricted network. The set of computers that do not have health certificates. These can be noncompliant NAP client computers, guests on the network, or non-NAP-capable computers such as computers running operating systems that do not support NAP. Noncompliant computers on the restricted network enforce IPsec policies that require a health certificate for incoming connections."

    So would it be possible to place all Windows 2000 servers in the restricted zone?

    Wednesday, January 6, 2010 2:43 PM


  • Hi,

    I currently have no Windows 2000 to test this configuration. But I think it’s possible to place Windows 2000 servers in the Restricted Zone.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Wednesday, January 13, 2010 10:36 AM
    Friday, January 8, 2010 9:10 AM