Restricting Outbound Access

halletta
Level 1

I want to restrict access to certain remote locations (by destination IP and port) to users who log on to and use a Win2K3 Terminal Server. While a simple access-list on the PIX 515 can be used to restrict access to the destination from the TS source IP address only, I want to ensure that no clever user (bunch of engineers) circumvents the security by simply pulling the n/w cable on the TS and changing the IP address on their PC (NB: there is a reason for needing to restrict access from the TS, for application logging purposes). Is there any way that, by running IAS on the TS, it can authenticate itself to the PIX as a device, and only if that authentication is in place can connections take place? Any ideas or suggestions will be appreciated. Thanks

2 Replies

jackko
Level 7

One way is to configure "virtual telnet". With this configured, users will need to authenticate first against the PIX local database (or RADIUS etc.) by telnetting to a virtual IP sitting on the PIX.

Unfortunately, the Cisco doco is not very detailed on this feature. Anyway, here it is:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#vir_telnet_outbound

I've configured virtual telnet inbound, not outbound. I may give it a go in the lab. It sounds like fun.
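As an added illustration (not part of the reply above and not taken from Cisco's documentation), the following PIX 6.3-style configuration sketch shows how virtual telnet layers user authentication on top of the source/destination access-list the original poster already has. All names, addresses, ports and the RADIUS server are constructed placeholders, and the exact syntax should be checked against the command reference for the PIX software version actually running on the 515.

```text
! Constructed example: placeholder addresses
!   Terminal Server (inside)      10.0.0.10
!   protected destination         203.0.113.10 tcp/1433
!   RADIUS (IAS) server (inside)  10.0.0.20
!   virtual telnet address        198.51.100.5 (unused address reached only via the PIX)

! AAA server group pointing at the IAS/RADIUS host on the Terminal Server side
aaa-server TSAUTH protocol radius
aaa-server TSAUTH (inside) host 10.0.0.20 SharedSecretPlaceholder timeout 5

! Interface ACL: only the Terminal Server may reach the destination,
! and only the Terminal Server may reach the virtual telnet address
access-list OUTBOUND permit tcp host 10.0.0.10 host 198.51.100.5 eq telnet
access-list OUTBOUND permit tcp host 10.0.0.10 host 203.0.113.10 eq 1433
access-group OUTBOUND in interface inside

! Traffic that additionally requires a user authentication (uauth) entry:
! the telnet to the virtual address creates the entry, the application flow consumes it
access-list AUTH_OUT permit tcp host 10.0.0.10 host 198.51.100.5 eq telnet
access-list AUTH_OUT permit tcp host 10.0.0.10 host 203.0.113.10 eq 1433
aaa authentication match AUTH_OUT inside TSAUTH

! The address users telnet to in order to authenticate
virtual telnet 198.51.100.5

! Bound the lifetime of an authentication entry
timeout uauth 0:05:00 absolute
```

Two points worth keeping in mind when evaluating this against the original question. The PIX tracks an authenticated user by source IP address, not by device, so the authentication entry belongs to 10.0.0.10 rather than to the Terminal Server hardware; the interface ACL still does the source-IP restriction, and the uauth timeout limits how long an entry survives. Also, verify with `show uauth` that an entry appears after the virtual telnet login and disappears after the timeout, and confirm that the application connection is refused before the login and permitted after it.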

cfajardo1_2
Level 1

Switch port security might be of help: restricting MAC addresses per port.
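As an added example (not part of the reply above), this Catalyst IOS fragment pins the Terminal Server's switch port to a single learned MAC address; the interface number and description are placeholders.

```text
! Constructed example: Catalyst IOS access port for the Terminal Server
interface FastEthernet0/10
 description Win2K3 Terminal Server (placeholder port)
 switchport mode access
 ! Enable port security on the access port
 switchport port-security
 ! Allow exactly one MAC address on this port
 switchport port-security maximum 1
 ! Learn the Terminal Server's MAC dynamically and keep it in the running config
 switchport port-security mac-address sticky
 ! Err-disable the port if a different MAC address appears
 switchport port-security violation shutdown

! Verification after the Terminal Server has sent traffic:
!   show port-security interface FastEthernet0/10
!   show port-security address
```

This addresses one part of the original concern: a different machine plugged into the Terminal Server's port is shut out, and the violation shows up in the logs and in `show port-security interface`. It does not by itself stop a PC on a different port from claiming the Terminal Server's IP address, and a sticky MAC can be reproduced by a determined user, so it raises the bar rather than closing the gap on its own; it works best alongside the PIX source restriction and authentication discussed in the other reply.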