My scenario is something like:
I have a PC which is to be remotely connected to (RDP) by an external PC (not in my network, on the internet). I want that once the outside PC gets RDP of the inside PC, it should not communicate with any of the PCs in the LAN. What the outside PC should do is FTP to some other outside (outside of my network/organization, once it has the RDP connection of the inside PC) ONLY. My switch is a 2950, which does not support the private-VLAN feature. Firewall and router ACLs can take care of Layer 3 restrictions, but how can I protect my LAN (Layer 2) from the outside PC once it has control of one of my inside PCs? I hope I'm clear about what I am asking for.