No Access for You!

The Network Access Protection (NAP) client and Network Policy Server role work with network infrastructure Network Policy and Remediation servers to enforce network policies. Shown here is the sequence of events when a noncompliant client computer (left) tries to connect to a network over a Microsoft Virtual Private Network (VPN) connection and is restricted to an isolated subnet with a Remediation Server (right) that will bring the computer into compliance. In this simplified example, the Routing and Remote Access component (which provides VPN access) and the NAP server components are all installed on the same server.

Enforcement of NAP policies over a VPN connection relies on IP packet filters to control network access and traffic. The following occurs when the computer initiates a VPN connection:

(1) The NAP client on the computer sends an access request. The Routing and Remote Access component, which provides VPN access to the network, sends a Request/Identity message to the NAP client to authenticate it. The NAP client responds with a Response/Identity message, which the Routing and Remote Access Server passes to the Network Policy Server (NPS) component.