
Cisco Secure ACS

karl.jones
Level 1

Hi

If I have a TACACS server authenticating incoming RAS sessions and I apply users to a group that only allows telnet access to 172.16.3.1, for example, then if someone dials in and telnets to that IP address, will they, once connected to 172.16.3.1:23, be able to telnet from that box to other boxes on the network?

Any thoughts here would be appreciated

Regards

1 Reply

bstillman
Level 1

Yes, they will be able to telnet to other devices. If this box is a router, you can deny that user from executing the telnet command via ACS. However, if the box is a UNIX server, there is no way to stop that user from telnetting to other devices. If you put the box on an isolated segment, you could implement ACLs on your router and not allow that box to telnet to other devices on your network.
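The two controls described in the reply above, sketched as Cisco IOS configuration. This is an added example, not part of the original post: the interface name, the ACL number 110 and the assumption that `aaa new-model` and the TACACS+ server are already configured are all illustrative, and only 172.16.3.1 comes from the thread.

```cisco
! --- Case 1: 172.16.3.1 is a router ---------------------------------
! Send every exec-level command to the TACACS+ server for authorization.
! "telnet" is a privilege level 1 command, so level 1 must be covered,
! not only level 15. The deny for "telnet" itself is defined on the ACS
! side, in the command authorization set assigned to the user's group.
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+
!
! --- Case 2: 172.16.3.1 is a UNIX host on an isolated segment --------
! Filter on the upstream router, inbound on the interface facing the
! isolated segment (interface name is an assumption).
! The deny matches destination port 23 only, so replies from the host's
! own telnet service (source port 23) to dial-in users still pass.
access-list 110 remark Block onward telnet from the jump host
access-list 110 deny tcp host 172.16.3.1 any eq telnet log
access-list 110 permit ip any any
!
interface FastEthernet0/1
 description Isolated segment containing 172.16.3.1
 ip access-group 110 in
```

The ACL only sees traffic that crosses the router, which is why the host has to sit on its own segment: anything else on the same subnet is reachable without passing the filter. The `log` keyword records each denied attempt, which gives a record of users trying to hop onward from the host.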