Link to home
Start Free TrialLog in
Avatar of arunaci
arunaci

asked on

Blocking non domain computers with Fixed IP

Hi All,

I have implemented NAP using IPsec with HRA and it seems to be working fine for computers failing health check for both domain and non domain computers. But when the computers use Static IP address, the whole thing gets bypassed.

Any ideas with regards to this would be welcome.

regards,

Arun.
ASKER CERTIFIED SOLUTION
Avatar of loaganathan
loaganathan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of arunaci
arunaci

ASKER

If you deploy IPsec enforcement you will need a certificate infrastructure (a PKI). In this case, non-domain computers will not be given a certificate and computers without certificates can be blocked with IPsec policies.

The other method you can use is 802.1X. You can also use NAP here, but it isn't necessary. Just create a policy that evaluates computers based on domain membership. An 802.1X access request contains the computer's domain so it isn't necessary here to run NAP agent

Shall try this and get back

Thank u for pointing me in a direction

Regards,

Arun