Cisco Support Community

Get around NAC from bastion hosts

Hi,

We are planning to implement 802.1X with dynamic VLAN assignment such that different groups will have different access policies to our internal network. However, I have a basic question regarding this approach. Say users in the sales group are not allowed to access HR servers. I can simply apply an ACL on the sales VLAN to block this connection, but how do I stop the connection if a salesperson logs in to a sales server and from there makes connections to HR servers?


Are you allowing RDP access to these Sales servers? If so, are you allowing access based on a shared account, or are the users using their domain accounts? You can restrict remote desktop based on user groups in AD.

Here is a guide that should lock down access to your server for remote desktop:

http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_Remote_Desktop_Administration#Controlling_Remote_Desktop_Access

Thanks,

Tarik Admani
