VPN NAP Issues

  • Question

  • Hi,

    Here is my current setup:

    WS08 R2 VPN server in the DMZ (RAS01).
     - Authentication Provider: Windows (will this break NAP?)
     - Accounting Provider: RADIUS (this points to my NPS Server on the intranet NPS01)

    Intranet NPS Server is also WS08 R2 (NPS01):
    - have run the VPN NAP wizard
    - have configured the RADIUS client to RAS01 in the DMZ
    - The SHV has everything checked (av, firewall, etc) for Windows XP and Windows Vista (Windows 7 is not yet there)

    The client is Windows 7; NAP and Security Centre started; EAP Quarantine EC is enabled.
    I have configured the VPN client as follows (PEAP, EAP-MSCHAP v2, Enforce NAP ticked).
    What I have not selected is: Validate Server Certificate (will this break NAP?)

    Should the above VPN NAP configuration work?
    Is there an issue with Windows 7?

    Why I ask: well, when I VPN in and disable my firewall... NAP tells me that my computer is 100% healthy...

    Thanks,
    Tom
    Friday, September 11, 2009 1:40 PM

Answers

  • Hi Tom,

    AFAIK, the health check in VPN enforcement happens through the authentication request that comes to the NPS server, so NPS needs to get the authentication requests for the health check to work in VPN enforcement. Can you change the configuration to RADIUS authentication and see whether you see the problem?

    Thanks,
    Srinivasulu.
    • Marked as answer by D Wind Friday, September 11, 2009 5:58 PM
    Friday, September 11, 2009 4:24 PM

All replies

  • Srini,

    Yep - that's it !

    Many thanks & regards,

    Tom
    Friday, September 11, 2009 5:53 PM