https://community.cisco.com/t5/network-security/rdp-access-list/m-p/1747673#M533472 <P style="margin: 0in; margin-bottom: .0001pt;">Dear Experts,</P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Just want to ask you if&nbsp; can i permit RDP connection to AD Server but at the same time deny all outgoing traffics from such server - if I am connected through RDP ?</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Example :</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">AD : 192.168.0.100</P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Exchange : 192.168.0.200</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">If someone connects to AD through RDP , I need to deny him to make telnet to Exchange or make any access to LAN servers (Just if he connected&nbsp; through RDP)</P><P></P><P></P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:12:10 GMT islam.irshaid 2019-03-11T21:12:10Z https://community.cisco.com/t5/network-security/rdp-access-list/m-p/1747673#M533472 <P style="margin: 0in; margin-bottom: .0001pt;">Dear Experts,</P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Just want to ask you if&nbsp; can i permit RDP connection to AD Server but at the same time deny all outgoing traffics from such server - if I am connected through RDP ?</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Example :</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">AD : 192.168.0.100</P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">Exchange : 192.168.0.200</P><P></P><P></P><P></P><P style="margin: 0in; margin-bottom: .0001pt;">If someone connects to AD through RDP , I need to deny him to make telnet to Exchange or make any access to LAN servers (Just if he connected&nbsp; through RDP)</P><P></P><P></P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:12:10 GMT https://community.cisco.com/t5/network-security/rdp-access-list/m-p/1747673#M533472 islam.irshaid 2019-03-11T21:12:10Z https://community.cisco.com/t5/network-security/rdp-access-list/m-p/1747674#M533475 <HTML><HEAD></HEAD><BODY><P>If you want to do that then you really need to have the AD server on a separate DMZ. Even private vlans would not help in this situation because the AD server needs to communicate with other LAN servers.</P><P></P><P>So you would need a DMZ on the firewall for the AD server or at the very least a different vlan for the AD server that you can apply an access-list to.</P><P></P><P>Having said that if you did move your AD server to a DMZ then you would have to open a fair few ports to allow it to communicate to the servers on the LAN. </P><P></P><P>It's not an easy thing to do either way.</P><P></P><P>Jon</P></BODY></HTML> Tue, 16 Aug 2011 12:12:41 GMT https://community.cisco.com/t5/network-security/rdp-access-list/m-p/1747674#M533475 Jon Marshall 2011-08-16T12:12:41Z