NAP IPsec and XP sp3 how to....

  • Question

  • Hello, I tried following the step-by-step guide for IPsec NAP enforcement using XP as clients, and I can't get the isolation part to work. I read in the forums I need to change a regkey on the XP systems (which I tried) but unhealthy clients still aren't isolated. I am just wondering what exactly has to be changed in the setup to get this to work with XP SP3.

    Thanks!
    Friday, April 10, 2009 5:57 PM

Answers

  • Hi,

    You must configure legacy IPsec policies for computers running XP (IP Security Policies). See http://technet.microsoft.com/en-us/library/dd314176.aspx for the applicable GPO settings.

    Connection security rules will not work on computers running Windows XP.

    Computers running XP also behave somewhat differently than computers running Vista in terms of security associations (SAs). See http://technet.microsoft.com/en-us/library/dd125389.aspx for more information. You should also know that broadcasts on the same subnet will cause soft SAs to form that can interfere with lab testing on computers running XP. Ideally, you need to place these computers on different subnets.

    I hope this helps,
    -Greg
    Tuesday, April 14, 2009 9:44 PM