
Allow only remote desktop for a certain VPN group

twebb
Level 1

Is there a way to only allow Remote Desktop (TCP 3389) to a single server in our network for external users using the Cisco Client (not WebVPN)?

The scenario would play out like the following. User starts Cisco VPN Client and once authenticated the only action they could use would be to Remote Desktop (TCP 3389) to a single Terminal Server on our internal network.

Thanks in advance,

Tyler Webb

Systems Administrator

The Charles Machine Works, Inc.

Manufacturers of Ditch Witch Equipment

Perry OK, 73077

2 Replies

Lots of ways. Depends on your headend VPN device.

PIX:

1. Remove sysopt connection permit-ipsec and force traffic through the outside access-list.

2. Do RADIUS authentication and download a per-user access-list which allows only the RDP connection.

VPN concentrator:

Filter lists

IOS router:

Access-lists

Hope it helps

Mohammed is spot on.

Make sure the TermServices users get IPs from a different pool (or get static IPs), then do as Mohammed suggests.
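
The two replies above combined into one PIX configuration fragment, as an added example that was not posted by anyone in the thread. It assumes PIX 6.x command syntax (the release that uses sysopt connection permit-ipsec and vpngroup); the pool range, terminal server address, group name and access-list name are constructed placeholders.

```cisco
! Constructed values: 10.10.10.0/24 is the pool for the RDP-only VPN group,
! 192.168.1.10 is the terminal server. "rdp-users", "rdp-pool" and
! "outside_in" are hypothetical names.

! Dedicated pool so the restricted users are identifiable by source address
ip local pool rdp-pool 10.10.10.1-10.10.10.50
vpngroup rdp-users address-pool rdp-pool

! Stop decrypted IPsec traffic from bypassing the interface access-lists
no sysopt connection permit-ipsec

! Permit only TCP 3389 from the restricted pool to the terminal server.
! The explicit deny duplicates the implicit one but gives a hit counter
! for anything else the restricted group attempts.
access-list outside_in permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list outside_in deny ip 10.10.10.0 255.255.255.0 any
access-group outside_in in interface outside
```

Removing the sysopt applies to every tunnel terminating on the PIX, so any other VPN group needs its own permit entries in the same access-list before the change is made. Running show access-list outside_in afterwards shows per-line hit counts, which confirms that RDP matches the permit line and that other traffic from the pool lands on the deny.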
