Cisco Support Community

New Member

Terminal Service problem

I have set up TS running through to our TS machine via external IP x.x.x.85 and it runs fine. I have a problem with one of our users who insists on using TS to connect to his machine at home during work hours since this hole was opened up again.

Is there a way to block TS traffic for everywhere except the external IP we are using for demos x.x.x.85?

He does not know this IP address and would probably be fooled by it. TS needs inbound and outbound traffic on ports 80 and 3389 for our purposes as we use TSWEB for our demos.

Other addresses:

Internal address of TS server 192.168.11.150

Internal address of pesky user 192.168.11.12

I want to do this through the PIX if possible as it means I do not have to set up Proxy Server for one user.

PIX 515 running OS 6.22

Please copy post to gheatleyat ssmicdotcom , thanks.

2 REPLIES
New Member

Re: Terminal Service problem

Try an access-list on the inside interface that permits these 2 ports for destination address .85 but blocks the ports for all other addresses, then permit ip any any as the third entry. Or you could try blocking these ports when the source address is the pesky user.
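The second option from the reply above, written out as a PIX 6.x configuration. This is an added example, not part of the original post; the ACL name `inside_out` is hypothetical, and it assumes no access list is already bound to the inside interface (check with `show access-group` first).

```cisco
: Added example. ACL name "inside_out" is hypothetical.
: Deny Terminal Services (TCP 3389) leaving the network from the one workstation.
access-list inside_out deny tcp host 192.168.11.12 any eq 3389

: A matching deny for port 80 would also stop that host's ordinary web
: browsing, so it is left out here:
: access-list inside_out deny tcp host 192.168.11.12 any eq 80

: An ACL bound to an interface ends in an implicit deny, so everything
: else has to be permitted explicitly or all other outbound traffic stops.
access-list inside_out permit ip any any

: Bind the ACL to traffic entering the inside interface (connections
: initiated from the LAN).
access-group inside_out in interface inside
```

Inbound demo sessions to the TS server are new connections arriving on the outside interface, so this ACL does not touch them, and their return traffic is passed statefully. `show access-list` displays a hit count per entry, which shows whether the deny line is matching.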

New Member

Re: Terminal Service problem

I would rather try the second option. Can you point me to a document that will take me through the commands please?

Glyn
