Determine Which Site Systems Are Boundary Servers for IPsec Network Access Protection
Updated: December 1, 2009
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
If you are using IPsec as your Network Access Protection enforcement technology with Configuration Manager 2007, configure the following site systems as boundary servers:
All management points that are located in sites that are enabled for Network Access Protection.
All software update points located in sites that are enabled for Network Access Protection.
All distribution points that host software updates.
|A server that is configured as a server locator point might have to be configured as a boundary server if clients require this site system role to access site information that is published to Active Directory Domain Services, or to locate management points. For more information about whether clients must have access to a server locator point, see Determine If You Need a Server Locator Point for Configuration Manager Clients.|
Additionally, configure the following servers as boundary servers to support Network Access Protection in Configuration Manager:
The computer running Network Policy Server.
Any infrastructure servers that are required on the restricted network, such as DNS servers, WINS servers, domain controllers and global catalog servers.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.