Security Solutions
Addendum to the ProCurve Access Control Security Design Guide
Microsoft NAP
Figure A-5. IPsec-Protected and Unprotected Communications
A device can belong to only one network at a given time:
■ Secure Network—Contains all NAP clients that have health certificates and that require incoming communications to be authenticated via IPsec, using a health certificate.
■ Boundary Network—Contains all NAP clients that have health certificates but that do not require that IPsec communications be authenticated with a health certificate.
■ Restricted Network—Contains all devices that do not have a health certificate, including non-compliant endpoints, devices that run non-NAP-compatible operating systems, and guests.
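The three definitions above can be modelled directly to see which connections a network of mixed endpoints would accept. This is an added example, not part of the design guide: the endpoint names and inventory are constructed, and the model checks only the health-certificate requirement on inbound traffic, ignoring any other firewall or IPsec rules.

```python
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    SECURE = "secure"
    BOUNDARY = "boundary"
    RESTRICTED = "restricted"


@dataclass(frozen=True)
class Endpoint:
    name: str                         # constructed sample name
    has_health_cert: bool             # holds a NAP health certificate
    requires_health_cert_auth: bool   # inbound peers must authenticate via IPsec with a health certificate


def zone_of(ep: Endpoint) -> Zone:
    """Place a device in exactly one of the three logical networks."""
    if not ep.has_health_cert:
        return Zone.RESTRICTED        # non-compliant, non-NAP OS, or guest
    return Zone.SECURE if ep.requires_health_cert_auth else Zone.BOUNDARY


def inbound_accepted(initiator: Endpoint, responder: Endpoint) -> bool:
    """Would the responder accept a connection the initiator starts?"""
    if zone_of(responder) is Zone.SECURE:
        # Secure-network hosts only accept peers that present a health certificate.
        return initiator.has_health_cert
    # Boundary and restricted hosts do not demand health-certificate authentication.
    return True


def blocked_flows(inventory):
    """List (initiator, responder) pairs rejected by the health-certificate requirement."""
    return sorted(
        (a.name, b.name)
        for a in inventory for b in inventory
        if a is not b and not inbound_accepted(a, b)
    )


# Constructed inventory: two secure hosts, one boundary host, one guest.
INVENTORY = [
    Endpoint("file-server", True, True),
    Endpoint("hr-desktop", True, True),
    Endpoint("remediation-server", True, False),
    Endpoint("guest-laptop", False, False),
]
```

Running `blocked_flows(INVENTORY)` shows the asymmetry in the model: the guest cannot open connections to either secure host, while the boundary host stays reachable from every network.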
The HRA helps endpoints to obtain the health certificate necessary for communicating in the secure network. Figure A-6 shows the network access process.