01-22-2019 02:33 AM
Hello Everyone,
Is it possible to prevent a VPN user who has access to server X only from using server X to initiate connections via RDP/SSH/TELNET to other servers inside the network?
Is this possible on Firepower or an ASA firewall?
Thanks
01-22-2019 11:53 PM - edited 01-22-2019 11:55 PM
As @marce1000 was alluding, the access control would have to be applied on the remote server.
Once you have been granted access to it, the ASA (or FTD or any VPN headend) no longer has visibility into the actions of the remote user on that server.
01-22-2019 02:47 AM
- Once the user is logged on to server X, that problem is transferred to policy-auth rules as to what users can do from server X, albeit implemented by firewalling or other solutions.
M.
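One way to apply the control on server X itself, as the replies describe; this is an added example, not part of the thread. It assumes server X is a Linux host using nftables, and the UID, subnets and table name are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset for "server X" (assumed Linux) that
# stops one local account from opening new RDP/SSH/Telnet sessions to
# internal hosts. The VPN headend cannot see this traffic, so the rule
# lives in the host's own output chain.

gen_egress_rules() {
    # $1 = numeric UID of the VPN user's account on server X
    # $2 = comma-separated internal CIDRs
    # $3 = comma-separated TCP ports (default: SSH, Telnet, RDP)
    uid="$1"; nets="$2"; ports="${3:-22,23,3389}"

    # Refuse anything that is not a plain number, CIDR list or port list,
    # so no stray text ends up inside the generated ruleset.
    case "$uid" in ''|*[!0-9]*) echo "bad uid" >&2; return 1 ;; esac
    case "$nets" in ''|*[!0-9./,]*) echo "bad cidr list" >&2; return 1 ;; esac
    case "$ports" in ''|*[!0-9,]*) echo "bad port list" >&2; return 1 ;; esac

    cat <<EOF
table inet serverx_egress {
    chain output {
        type filter hook output priority 0; policy accept;
        # Match only sockets owned by this account (meta skuid) and only
        # new sessions, so other users and existing replies are untouched.
        meta skuid $uid ip daddr { $nets } tcp dport { $ports } ct state new log prefix "serverx-pivot-block: " counter reject with tcp reset
    }
}
EOF
}

# Constructed sample values: UID 1501 and two RFC 1918 ranges.
if [ "${1:-}" = "--print" ]; then
    gen_egress_rules 1501 "10.0.0.0/8,192.168.0.0/16"
fi
```

The generated file can be checked with `nft -c -f` before loading it with `nft -f`. The rule covers only the listed destination ports, and it holds only while the account has no administrative rights on server X.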