NAP with VPN

  • Question

  • Hi,

    What is the best practice for building a VPN service with NAP? Can I add both roles on the same Win 2008 server, or do I need 2 separate servers for NAP and VPN?

    What are the advantages and disadvantages?

    Thanks.

    Aigars

    Wednesday, April 13, 2011 2:24 PM

Answers

  • Hi deagegdbhghghgh,

    Thanks for posting here.

    There are some requirements you should notice in this scenario:

    VPN enforcement

    When you deploy NAP with VPN enforcement, the enforcement server is a server running the Routing and Remote Access service (RRAS). The VPN server can be deployed according to any standard VPN design, such as in a perimeter network. VPN NAP enforcement servers have the following connectivity requirements:

    · To authenticate and authorize network connections, VPN enforcement points must have connectivity to one or more NAP health policy servers.

    · If your VPN network design includes a perimeter network, the VPN NAP enforcement server is typically placed in this network with VPN client access and LAN access limited by devices such as firewalls.

    · VPN enforcement points must be accessible to NAP client computers when they first request network access and after noncompliant computers have remediated their health state.

    Meanwhile, performance and reliability are also important factors you should evaluate. Please take time to read the articles below first and decide on a suitable solution for your deployment:

    Design a Server Placement Strategy

    http://technet.microsoft.com/en-us/library/dd125362(WS.10).aspx

    NAP Capacity Planning

    http://technet.microsoft.com/en-us/library/dd125353(WS.10).aspx

    Thanks.

    Tiger Li


    Thursday, April 14, 2011 8:21 AM

All replies

  • No one has thought of such a thing?

     

    A.

    Thursday, April 14, 2011 6:07 AM