Cisco Support Community

New Member

Restricting Outbound Access

I want to restrict access to certain remote locations (by destination IP and port) to users who log on & use a Win2K3 Terminal Server. While a simple access-list on the PIX 515 can be used to restrict access to the destination from the TS source IP address only, I want to ensure that no clever user (bunch of engineers) circumvents the security by simply pulling the n/w cable on the TS and changing the IP address on their PC (NB: there is a reason for needing to restrict access from the TS for application logging purposes). Is there any way that by running IAS on the TS, it can authenticate itself to the PIX as a device, and only if that authentication is in place connections can take place? Any ideas or suggestions will be appreciated. Thanks

2 REPLIES
Gold

Re: Restricting Outbound Access

one way is to configure "virtual telnet". with this configured, users will need to authenticate first against the pix local database (or radius etc) by telnetting to a virtual ip sitting on the pix.

unfortunately, the cisco doco is not very detailed with this feature. anyway, here it is:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#vir_telnet_outbound

i've configured virtual telnet inbound, not outbound. i may give it a go in the lab. it sounds like fun.

New Member

Re: Restricting Outbound Access

the switch port security might be of help. restricting mac addresses per port.
