Security Solutions

A-21
Addendum to the ProCurve Access Control Security Design Guide
Microsoft NAP
VPN Access
The VPN server must run Windows Server 2008, and Active Directory Domain
Services is required. Figure A-8 shows the VPN network access method.
Figure A-8. VPN Network Access
1. The NAP client (using the VPN NAP EP) sends its SSoH to the VPN server
using PEAP over PPP.
2. The VPN server forwards the client’s SSoH to the NPS over RADIUS.
3. The NPS performs a system health validation and sends its verdict to the
VPN server.
4. The VPN server takes one of the following actions:
a. If the endpoint is compliant, it is given unrestricted network access
over the VPN connection.
b. If the endpoint is non-compliant, IP packet filters are applied to the
endpoint’s VPN connection, restricting it to the remediation servers
defined in the NPS policy.
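The four-step exchange above, modelled in Python as an added example that is not part of the ProCurve guide or of Microsoft's NAP implementation. The real SSoH and SoHR are binary TLV structures carried in PEAP over PPP and in RADIUS vendor-specific attributes; here both are plain dictionaries. The check names, the client identifiers and the remediation subnet 10.10.0.0/24 are constructed for the example.

```python
"""Simplified model of NAP VPN enforcement: client -> VPN server -> NPS -> VPN server.

Constructed example. SSoH/SoHR are modelled as dicts, not the real TLV encoding.
"""
import ipaddress

# Checks a System Health Validator (SHV) on the NPS requires. Names are assumed.
DEFAULT_SHV_POLICY = {
    "firewall_on": True,
    "antivirus_on": True,
    "av_signatures_current": True,
    "auto_update_on": True,
}

# Remediation servers a non-compliant client may still reach (assumed subnet).
REMEDIATION_NETS = [ipaddress.ip_network("10.10.0.0/24")]


def build_ssoh(client_id, sohs):
    """Step 1, client side: bundle per-component SoHs from each System Health
    Agent into one System Statement of Health (SSoH)."""
    return {"client": client_id, "sohs": dict(sohs)}


def nps_validate(ssoh, policy=DEFAULT_SHV_POLICY):
    """Step 3, NPS side: compare the SSoH against the SHV policy and return a
    System Statement of Health Response (SoHR) carrying the verdict."""
    failed = [check for check, required in policy.items()
              if required and not ssoh["sohs"].get(check, False)]
    return {"client": ssoh["client"], "compliant": not failed, "failed_checks": failed}


def vpn_apply_verdict(sohr, remediation_nets=REMEDIATION_NETS):
    """Step 4, VPN server side: None means unrestricted access; otherwise a
    list of permit rules (implicit deny) to install on the client's connection."""
    if sohr["compliant"]:
        return None
    return [("permit", net) for net in remediation_nets]


def is_allowed(filters, dst_ip):
    """Would a packet from the VPN client to dst_ip pass the installed filters?"""
    if filters is None:
        return True
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in net for action, net in filters if action == "permit")


def vpn_session(ssoh):
    """Whole exchange: the VPN server forwards the SSoH (step 2), the NPS
    validates it (step 3), and the VPN server acts on the verdict (step 4)."""
    sohr = nps_validate(ssoh)
    return sohr, vpn_apply_verdict(sohr)


if __name__ == "__main__":
    healthy = build_ssoh("laptop-1", {k: True for k in DEFAULT_SHV_POLICY})
    sick = build_ssoh("laptop-2", {"firewall_on": False, "antivirus_on": True,
                                   "av_signatures_current": False, "auto_update_on": True})
    for ssoh in (healthy, sick):
        sohr, filters = vpn_session(ssoh)
        print(ssoh["client"], "compliant" if sohr["compliant"] else sohr["failed_checks"],
              "filters:", filters, "reach 192.0.2.10:", is_allowed(filters, "192.0.2.10"))
```

The point the model makes explicit is that the VPN server never evaluates health itself: it only carries the SSoH to the NPS and installs whatever filters the SoHR verdict dictates, so the SHV policy on the NPS is the single place where compliance is defined.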
802.1X Authentication
The 802.1X authentication method for network access does not require as
many Windows-specific components as some of the other methods. It does,
however, require Active Directory Domain Services. Figure A-9 shows the
802.1X authentication method.