Get around NAC from bastion hosts

Hi,

We are planning to implement 802.1X with dynamic VLAN assignment such that different groups will have different access policies to our internal network; however, I have a basic question regarding this approach. Say users in the sales group are not allowed to access HR servers. I can simply apply an ACL on the sales VLAN to block this connection, but how do I stop the connection if a salesperson logs in to a sales server and from there makes connections to HR servers?

1 REPLY 1

Get around NAC from bastion hosts

Are you allowing RDP access to these Sales servers? If so, are you allowing access based on a shared account, or are the users using their domain accounts? You can restrict remote desktop based on user groups in AD.

Here is a guide that should lock down access to your server for remote desktop -

http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_Remote_Desktop_Administration#Controlling_Remote_Desktop_Access

Thanks,

Tarik Admani

*Please rate helpful posts*