Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1051
Views
10
Helpful
3
Replies

Prevent VPN user from attempting to access other servers by using RDP/SSH/TELNET

Go to solution
Samer R. Saleem
Level 4
Level 4

‎01-22-2019 02:33 AM

Hello Everyone,

 

Is it possible to prevent VPN user that has access to server X only, from using server X to initiate connections via RDP/SSH/TELNET to other servers inside network?

 

is this possible on Firepower? or ASA firewall?

 

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Samer R. Saleem

‎01-22-2019 11:53 PM - edited ‎01-22-2019 11:55 PM

As @marce1000 was alluding, the access control would have to be applied on the remote server.

 

Once you have been granted access to it, the ASA (or FTD or any VPN headend) no longer has visibility into the actions of the remote user on that server.

View solution in original post

3 Replies 3

Go to solution
marce1000
VIP
VIP

‎01-22-2019 02:47 AM

 

 - Once the user is logged on to server X ; that problem is transferred to policy-auth rules as to what users can do from server-X albeit implemented by fire-walling or other solutions.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
Samer R. Saleem
Level 4
Level 4
In response to marce1000

‎01-22-2019 09:40 PM

Can you elaborate more please?
thanks
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Samer R. Saleem

‎01-22-2019 11:53 PM - edited ‎01-22-2019 11:55 PM

As @marce1000 was alluding, the access control would have to be applied on the remote server.

 

Once you have been granted access to it, the ASA (or FTD or any VPN headend) no longer has visibility into the actions of the remote user on that server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents