NAP is a feature of Network Policy Server (NPS), which is a "role service"
of the NPAS server role. There is no "NAP role." (The NPAS server role is
just a grouping of technologies in the install wizard - I guess they didn't
want to have a separate server role for each technology for some reason.)

NPS is the new version of IAS and it supports NAP by acting as a health
policy server -- meaning that it does what IAS does but also accepts
statements of health from NAP clients, and then evaluates those statements
of health against the health policies that you have configured on the NPS
server.

NPS can authenticate and authorize Cisco VPN users, but to use NAP with VPN
you need to use Routing and Remote Access as your VPN server. (Unless you
have already deployed Cisco network admission control, which is a whole
other story.)

Go to the Microsoft Windows TechNet library and read the NAP and NPS
documentation there.

But if all you want to do is authenticate your VPN users, configure the VPN
server as a RADIUS client in NPS, configure the actual VPN server to
communicate with the NPS server, and then create a network policy (in IAS
they're called remote access policies) to allow the VPN users to connect.
Also configure logging. That's about it.

FA