Friday, December 05, 2008

Configuring IPsec NAP (Network Address Protection) - Part 1: Certificates

OK, so in my last post I gave a brief summary of the IPsec NAP basics and the processes involved.
Now I’ll be doing the same for the actual installation of the Network Address Protection infrastructure. I’m not including too many action paths with a huge number of print screens, because it’s pretty self-explanatory when you know what steps to follow. That benefits the clarity of the post, which makes the configuration easier.
Although it seems complicated, and yes, you do need to do quite a bit of stuff, it actually isn’t all that hard to do.

So let’s do this again step by step. But first I’ll show you my setup.

Step 1: Install and configure the DC. In my case, that would mean the “DC.test.local” machine: install WS08, configure the TCP/IP properties, promote to DC and configure DNS. I don’t suppose this will cause too many problems.

Step 2: Install the CA: this is also still pretty straightforward.

Step 3: Create the required security groups: see above

Step 4: Installation and configuration of the CA
4a: Create a certificate template by copying an existing certificate template, make the changes as indicated in the print screen, and publish it in AD (Tabs: Extension & Security)

4b: Publish the created certificate: via “Certificate Template to Issue”

Step 5: Enable the Auto-enroll policy in the Default Domain GPO: see print screen

In my next post, we'll go over the installation of the NPS.

Network Address Protection (NAP) posts:
IPsec NAP: Network Address Protection in Server 2008

Configuring IPsec NAP (Network Address Protection) - Part 2: Installation of the NPS (Network Policy Server)

Configuring IPsec NAP (Network Address Protection) - Part 3: Configuring the NPS as NAP HRA (Health Registration Authority)

Configuring IPsec NAP (Network Address Protection) - Part 4: Testing with a NAP client

1 comment:

ranger merah said...

Great post. Thanks for sharing. I really need something like this.
