NAP enforcement with IPsec problem

Dears,

I have applied NAP enforcement with IPsec; unfortunately, I am facing the problems below:

  • My VMware vCenter Server lost communication with the ESXi hosts
  • 15 Linux CentOS client computers are now not able to communicate with Windows servers/clients
  • Windows 7 machines that have ERP clients lost connectivity with the 2 Red Hat servers that host ERP
  • I have some MacBook Airs which lost connectivity with the Exchange Server...

So, how do I create an exemption for these non-NAP-capable clients and servers?

Thanks

June 24th, 2015 6:50pm

Hi Jean

I suppose we would create an NPS policy based on the MAC address of the NIC of the devices. It could implement NAP enforcement exemption for devices like printers, NAS, and VoIP phones which don't support NAP.

Here is the detailed guide:

NAP Enforcement Exemption for Printers and other Network Appliances:
http://blogs.technet.com/b/teamdhcp/archive/2008/06/15/nap-enforrcement-exemption-for-printers-and-other-network-appliances.aspx

Best Regards,

Leo

June 26th, 2015 10:12am

Hi Leo, this sounds perfect for a NAP implementation with DHCP enforcement, or maybe even IEEE.

My situation is: NAP with IPsec enforcement, where my ERP servers are Linux, 15 clients are Linux, plus 2 Macs which cannot connect to Exchange or other services, and VMware ESXi hosts which lost connectivity with the vCenter server (which is Windows 2012).

So how can I work around this problem?

Thanks


June 27th, 2015 10:16am


Hi Jean,

Since you are using Linux devices, NAP may not affect them.

We may check the logs to see if Windows clients could satisfy the conditions in the policy.

Then, we could disable NAP temporarily and check if they can connect.

Best Regards,

Leo

June 30th, 2015 7:58am

Hi Leo,

If NAP is not enabled, then everything works fine (I did test, and I rolled back all of NAP).

Once NAP with IPsec enforcement is enabled, I am getting these issues:

    • My VMware vCenter Server lost communication with the ESXi hosts
    • 15 Linux CentOS client computers are now not able to communicate with Windows servers/clients
    • Windows 7 machines that have ERP clients lost connectivity with the 2 Red Hat servers that host ERP
    • I have some MacBook Airs which lost connectivity with the Exchange Server...
July 1st, 2015 7:57am

Hi Jean,

As I asked above, could the Windows clients satisfy the conditions in the policy?

If yes, we could use Network Monitor to analyze the communication process between Linux and Windows devices. The packets could help us to find the problem.

Here is the guide for Network Monitor:
Network Monitor:
https://technet.microsoft.com/en-us/library/cc938655.aspx

Best Regards,

Leo

July 1st, 2015 9:22am


Hi Jean,

I suppose we could use 3rd party tools to make NAP available for them.

Here is a similar case:
IPsec NAP and OSx:
https://social.technet.microsoft.com/Forums/en-US/434c8b62-a743-4679-ade4-e0afc3c91d24/ipsec-nap-and-osx?forum=winserverNAP

Best Regards,

Leo

July 5th, 2015 9:30pm

This topic is archived. No further replies will be accepted.
