11-30-2005 01:38 PM - edited 03-09-2019 01:12 PM
I want to restrict access to certain remote locations (by destination IP and port) to users who log on to and use a Win2K3 Terminal Server. While a simple access-list on the PIX 515 can be used to restrict access to the destination from the TS source IP address only, I want to ensure that no clever user (bunch of engineers) circumvents the security by simply pulling the n/w cable on the TS and changing the IP address on their PC (NB: there is a reason for needing to restrict access from the TS for application logging purposes). Is there any way that by running IAS on the TS, it can authenticate itself to the PIX as a device, and only if that authentication is in place connections can take place? Any ideas or suggestions will be appreciated. Thanks
11-30-2005 04:26 PM
one way is to configure "virtual telnet". with this configured, users will need to authenticate first against the pix local database (or radius etc) by telnetting to a virtual ip sitting on the pix.
unfortunately, the cisco doco is not very detailed with this feature. anyway, here it is:
i've configured virtual telnet inbound, not outbound. i may give it a go in the lab. it sounds like fun.
11-30-2005 10:55 PM
the switch port security might be of help. restricting mac addresses per port.
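Putting the two suggestions in this thread together (virtual telnet on the PIX so the user authenticates before the flow is allowed, plus port security on the switch so the TS port only accepts the TS's MAC), here is a config sketch. This is an added example, not from either poster; every address, MAC, server name and port is a made-up placeholder, and the syntax assumed is PIX 6.x and Catalyst IOS.

```cisco
! ----- PIX 515 (6.x syntax) -----
! RADIUS server that IAS on the TS would answer as (placeholder address/key)
aaa-server IASRADIUS protocol radius
aaa-server IASRADIUS (inside) host 10.1.1.20 REPLACE_WITH_SHARED_SECRET timeout 10

! Virtual telnet address: users telnet here first and authenticate
virtual telnet 203.0.113.250
aaa authentication include telnet inside 0.0.0.0 0.0.0.0 203.0.113.250 255.255.255.255 IASRADIUS

! Require authentication for the restricted application flow only
! (placeholder: TS 10.1.1.20 -> remote app server 203.0.113.10, tcp/1433)
aaa authentication include tcp/1433 inside 10.1.1.20 255.255.255.255 203.0.113.10 255.255.255.255 IASRADIUS

! ACL still pins the destination to the TS source address; everything else
! to that destination is dropped and logged so spoofing attempts show up
access-list inside_out permit tcp host 10.1.1.20 host 203.0.113.10 eq 1433
access-list inside_out deny ip any host 203.0.113.10 log
access-list inside_out permit ip any any
access-group inside_out in interface inside

! ----- Access switch port the TS is plugged into (IOS) -----
interface FastEthernet0/1
 description Win2K3 Terminal Server
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 ! placeholder MAC of the TS NIC; a PC plugged in here instead shuts the port
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
```

The port-security piece is what actually stops the cable-swap trick, since a PC with the TS's IP but a different MAC shuts the port down; the PIX side adds per-user authentication and a log line for anything else aimed at the destination.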