New Member

ASA 5520 VPN / RDP / Server restriction

In our current setup, a user makes a VPN connection to the ASA 5520 and proceeds to RDP to their office workstation to work as if they are in the office. What I am looking to do is block their access to one server or intranet site even when they are connected to their workstation this way. Is there anything in the ASA 5520 I can set up to allow users to RDP to their office computer but block traffic to one internal server or intranet site?

3 REPLIES
VIP Purple

You can configure an ACL that only allows RDP-access to the user-workstation. This ACL is applied to the group-policy that is used for the user-VPN.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Will this be enough to allow the user to RDP to the workstation BUT prevent the user from accessing an internal server, say serverA, within his workstation desktop? That is the challenge here.

VIP Purple

I think I misunderstood your needs.

Is the server behind a firewall or another device that can do access-control? Then you can filter the traffic there. If not, you can:

  1. Configure port-ACLs on the switchport that restrict the access to the server.
  2. Use a centrally managed Host-firewall to restrict outgoing traffic from the workstations.
  3. Use a host-firewall on the server to restrict the access.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
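
The two layers discussed in this thread, sketched as an added example that is not from either poster: an ASA `vpn-filter` ACL that lets VPN clients reach only RDP on the workstation, and a port ACL (option 1 above) that stops the workstation itself from reaching the server. All names, addresses and interface numbers are constructed placeholders, the group-policy is assumed to exist already, and the access switch is assumed to run Cisco IOS.

```cisco
! --- ASA 5520: limit the VPN group to RDP on the user's workstation ---
! Constructed values: VPN client pool 10.99.0.0/24, workstation 10.10.20.45.
! ACL name and group-policy name are hypothetical.
access-list VPN-RDP-ONLY extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.20.45 eq 3389
! Anything else from the VPN clients falls through to the implicit deny.
group-policy REMOTE-USERS attributes
 vpn-filter value VPN-RDP-ONLY

! --- Access switch (assumed Cisco IOS): port ACL on the workstation's port ---
! Constructed values: serverA 10.10.30.10, workstation attached to Gi1/0/12.
ip access-list extended BLOCK-SERVERA
 ! Drop everything the workstation sends to serverA, allow the rest.
 deny   ip any host 10.10.30.10
 permit ip any any
!
interface GigabitEthernet1/0/12
 description user workstation
 ! Port ACLs filter traffic entering the switch from the attached host.
 ip access-group BLOCK-SERVERA in
```

The ASA ACL only sees traffic that crosses the VPN tunnel, so the workstation-to-server rule has to sit on the switch, the workstation or the server. The port ACL applies to anyone using that workstation, whether over RDP or at the desk.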