
Allow only remote desktop for a certain VPN group

Is there a way to only allow Remote Desktop (TCP 3389) to a single server in our network for external users using the Cisco Client (not WebVPN)?

The scenario would play out like the following. User starts Cisco VPN Client and once authenticated the only action they could use would be to Remote Desktop (TCP 3389) to a single Terminal Server on our internal network.

Thanks in advance,

Tyler Webb

Systems Administrator

The Charles Machine Works, Inc.

Manufacturers of Ditch Witch Equipment

Perry OK, 73077


Re: Allow only remote desktop for a certain VPN group

Lots of ways. Depends on your headend VPN device.

PIX:

1. Remove sysopt connection permit-ipsec and force traffic through the outside access-list.

2. Do RADIUS authentication and download a per-user access-list which allows only RDP connections.

VPN concentrator:

Filter lists

IOS router:

Access-lists

Hope it helps

Re: Allow only remote desktop for a certain VPN group

Mohammed is spot on.

Make sure the TermServices users get IPs from a different pool (or get static IPs), then do as Mohammed suggests.
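The PIX approach from the replies above (a separate address pool for the terminal-services group, no `sysopt connection permit-ipsec`, and an entry in the outside access-list), written out as an added example that is not from either poster. The group name, pool name, ACL name and all addresses are constructed placeholders, and PIX 6.x `vpngroup` syntax is assumed.

```cisco
! Added example, not from the thread. All names and addresses are constructed.
! Assumes PIX 6.x syntax and a Cisco VPN Client group called RDP-USERS.

! Dedicated pool so the RDP-only group can be matched by source address.
ip local pool RDP-POOL 10.99.1.1-10.99.1.62
vpngroup RDP-USERS address-pool RDP-POOL

! Stop decrypted IPsec traffic from bypassing interface access-lists.
no sysopt connection permit-ipsec

! Permit only TCP 3389 from the pool (10.99.1.0/26) to the one terminal
! server (192.168.10.20 is a placeholder). Everything else from the pool
! is dropped by the implicit deny at the end of the access-list.
access-list outside_in permit tcp 10.99.1.0 255.255.255.192 host 192.168.10.20 eq 3389

! Bind the list inbound on the outside interface. If an access-list is
! already bound there, add the permit line to that list instead, because
! only one list can be applied per interface.
access-group outside_in in interface outside
```

Once the sysopt is removed, decrypted traffic from every VPN group is checked against the outside access-list, so any other groups need their own permit entries in it.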
