
RDP Access-List

islam.irshaid
Level 1

Dear Experts,

Just want to ask you if I can permit an RDP connection to the AD server but at the same time deny all outgoing traffic from that server, if I am connected through RDP?

Example :

AD : 192.168.0.100

Exchange : 192.168.0.200

If someone connects to AD through RDP, I need to prevent him from using telnet to Exchange or accessing any LAN servers (just if he is connected through RDP).

Thanks

1 Reply

Jon Marshall
Hall of Fame

If you want to do that then you really need to have the AD server on a separate DMZ. Even private VLANs would not help in this situation because the AD server needs to communicate with other LAN servers.

So you would need a DMZ on the firewall for the AD server or at the very least a different VLAN for the AD server that you can apply an access-list to.

Having said that, if you did move your AD server to a DMZ then you would have to open a fair few ports to allow it to communicate with the servers on the LAN.

It's not an easy thing to do either way.

Jon
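
The following is an added illustration, not part of either post and not Cisco code: a small Python model of first-match access-list evaluation for the "separate VLAN with an access-list" approach in the reply above. It assumes a hypothetical ACL named `AD_VLAN_IN` applied inbound on the routed interface of the AD server's VLAN; the client and DNS addresses in the sample packets are constructed, and the two server addresses are the ones from the question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

AD, EXCHANGE = "192.168.0.100", "192.168.0.200"  # addresses from the question

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags set on this packet

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp" or "ip" (any protocol)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: int = 0                  # 0 = any source port
    established: bool = False       # like the IOS keyword: ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (0, p.sport)
                and (not self.established or bool({"ACK", "RST"} & p.flags)))

# Hypothetical ACL, inbound on the routed interface of the AD server's VLAN,
# so it only sees packets the AD server sends.
AD_VLAN_IN = [
    Rule("permit", "tcp", src=AD + "/32", established=True),  # TCP replies (RDP, LDAP, ...)
    Rule("permit", "udp", src=AD + "/32", sport=53),          # DNS answers
    Rule("permit", "udp", src=AD + "/32", sport=88),          # Kerberos answers
    Rule("deny", "ip"),                                       # all else, incl. new sessions
]

def evaluate(acl, packet):
    """First matching rule wins; an ACL with no match denies implicitly."""
    return next((r.action for r in acl if r.matches(packet)), "deny")

# Constructed sample packets, all sent by the AD server.
SAMPLES = {
    "rdp_reply": Packet("tcp", AD, 3389, "192.168.1.50", 50000, frozenset({"SYN", "ACK"})),
    "telnet_to_exchange": Packet("tcp", AD, 50001, EXCHANGE, 23, frozenset({"SYN"})),
    "ad_own_dns_lookup": Packet("udp", AD, 50002, "192.168.1.10", 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} {evaluate(AD_VLAN_IN, pkt)}")
```

The third sample is denied as well: the filter matches on the server's address, not on who is logged in over RDP, so every connection the AD server itself must initiate needs its own permit entry.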
