07-11-2006 12:59 PM - edited 02-21-2020 02:31 PM
Is there a way to only allow Remote Desktop (TCP 3389) to a single server in our network for external users using the Cisco Client (not WebVPN)?
The scenario would play out like the following. User starts Cisco VPN Client and once authenticated the only action they could use would be to Remote Desktop (TCP 3389) to a single Terminal Server on our internal network.
Thanks in advance,
Tyler Webb
Systems Administrator
The Charles Machine Works, Inc.
Manufacturers of Ditch Witch Equipment
Perry OK, 73077
07-11-2006 02:58 PM
Lots of ways. It depends on your headend VPN device.
PIX:
1. Remove sysopt connection permit-ipsec and force traffic through the outside access-list.
2. Do RADIUS authentication and download a per-user access-list which allows only RDP connections.
VPN concentrator:
Filter lists
IOS router:
Access-lists
Hope it helps
07-14-2006 02:46 PM
Mohammed is spot on.
Make sure the TermServices users get IPs from a different pool (or get static IPs), then do as Mohammed suggests.
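A sketch of the first PIX option combined with the separate address pool suggested above. This is an added example, not configuration posted by anyone in the thread. It assumes PIX 6.x syntax, and the pool, group and ACL names and all addresses are constructed placeholders.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.99.1.0/24   address pool handed to the Terminal Services VPN users
!   192.168.10.25  the internal Terminal Server
!   TS-POOL, TS-USERS, OUTSIDE-IN are placeholder names

! Dedicated pool so these users can be matched by source address
ip local pool TS-POOL 10.99.1.1-10.99.1.50
vpngroup TS-USERS address-pool TS-POOL

! Weak setting: with this present, decrypted IPsec traffic bypasses
! the interface access-lists and VPN users can reach anything routed.
!   sysopt connection permit-ipsec
! Corrected: remove it so decrypted traffic is checked by the outside ACL.
no sysopt connection permit-ipsec

! Allow only RDP from the pool to the Terminal Server.
! Everything else from the pool falls through to the implicit deny.
access-list OUTSIDE-IN permit tcp 10.99.1.0 255.255.255.0 host 192.168.10.25 eq 3389
access-group OUTSIDE-IN in interface outside
```

If an access-list is already applied inbound on the outside interface, add the permit line to that list instead of binding a new one, since an interface takes one access-list per direction. Removing the sysopt applies to every tunnel terminating on the PIX, so other VPN users and site-to-site peers need their own permit entries in the same list.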