locked
CA Authority for NAP & RADIUS RRS feed

  • Question

  • Hi,

    I'm Planning to implement NAP & RADIUS Server to existing infrastructure currently we don't have any CA authority is it necessary to implement CA for RADIUS implementation

    Thanks    

    Wednesday, March 25, 2015 6:55 AM

Answers

  • Hi,

    According to your description, my understanding is that you want to deploy NAP and want to know that if the CA authority is necessary.

    It is depends on which NAP Enforcement Method and authentication method you use. For DHCP NAP, or VPN NAP with PEAP, CA is not necessary. For VPN NAP with PEAP-MS-CHAPv2, CA is necessary.

    It is recommended to deploy strong enforcement methods, such as the IPsec, 802.1X, and VPN enforcement methods. Strong enforcement methods use certificate-based authentication methods and secure the channel between clients and servers through which the statement of health (SoH) and statement of health response (SoHR) are sent.

    The article below lists methods of NAP, and each method has a link for simple description about deploying  requirement:
    https://technet.microsoft.com/en-us/library/cc753389(v=ws.10).aspx

    Best Regards,
    Eve Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, March 26, 2015 6:04 AM

All replies

  • Hi,

    According to your description, my understanding is that you want to deploy NAP and want to know that if the CA authority is necessary.

    It is depends on which NAP Enforcement Method and authentication method you use. For DHCP NAP, or VPN NAP with PEAP, CA is not necessary. For VPN NAP with PEAP-MS-CHAPv2, CA is necessary.

    It is recommended to deploy strong enforcement methods, such as the IPsec, 802.1X, and VPN enforcement methods. Strong enforcement methods use certificate-based authentication methods and secure the channel between clients and servers through which the statement of health (SoH) and statement of health response (SoHR) are sent.

    The article below lists methods of NAP, and each method has a link for simple description about deploying  requirement:
    https://technet.microsoft.com/en-us/library/cc753389(v=ws.10).aspx

    Best Regards,
    Eve Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, March 26, 2015 6:04 AM
  • Hi Eve,

    Thanks For your help 

    Regards 

    Thursday, March 26, 2015 6:37 AM