Concentrator 3015 - Can you lock clients down by PORT?

I have a 3015 setup and have created a tunnel, which works fine. I also have it locked down to specific IP addresses.
My question is, Can you lock the cleints down to only a few specific ports? (ex. port 3389 only)

Yes, you can. There are a few steps that you need to take in order to do this. In a nutshell, you need to define a set of rules, create a filter, and then apply the filter to the group.
To create the rules, go to: Configuration->Policy Management->Traffic Management->Rules
Here is a link that discusses rules within the concentrator. If you scroll down the page a bit, the section below this one walks you through the process to create the rules. Take a look at some of the default rules that are configured. One thing to keep in mind is that you need to define rules for the return traffic as well unless you want to use some of the default rules to allow all outbound traffic going back to the clients.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/3_6/config/polmgt.htm#1321359
Once you have your rules defined, you need to setup a filter. The filter is nothing more than a group that allows all of the rules you have defined to be associated together. The link below talks about filters and the section below talks about adding a new filter. To create the filter go to Configuration->Policy Management->Traffic Management->Filters
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/3_6/config/polmgt.htm#1321359
Once you have your filter defined, you need to associate it to a group. This is done in Configuration->User Management->Groups, selecting the group to apply the filter to and modifying the group. On the General tab for the group being modified, there is an option to associate a filter to the group. Select the filter you setup and apply your changes.
I would setup a test group to allow you to get comfortable with setting up the rules/filters before implementing them on a production group where you could impact users. This will let you make sure the rules/filter you have setup works the way you expect it to while not impacting any of the production users.
HTH
-Steve

Similar Messages

  • Acrobat xi - RE: Add sound icon- skin displayed is a 'blank white box' until it is clicked to activate it- can you lock skin to display before its activated so that in a print run the skin shows up (ie the controls-or any kind of greyed out rectangle, lik

    Hi,
    Acrobat xi - RE: Add sound icon- skin displayed is a 'blank white box' until it is clicked to activate it- can you lock skin to display before its activated so that in a print run the skin shows up (ie the controls-or any kind of greyed out rectangle, like video controls before 1st activation) and not the blank white box- if no, I guess I have to activate all sound icons before doing a print run?thanks)).

    Many of your points are totally legitimate.
    This one, however, is not:
    …To put it another way, the design of the site seems to be geared much more towards its regular users than those the site is supposedly trying to "help"…
    The design and management of the forums for more than five years have driven literally dozens of the most valuable contributors and "regulars" away from the forums—permanently.
    The only conclusion a prudent, reasonable person can draw from this state of affairs is that Adobe consciously and deliberately want to kill these forums by attrition—without a the PR hit they would otherwise take if they suddenly just shut them down.

  • Can you lock a pdf file?

    Hi all! I have a client who has created a pdf booklet. It's a form that people will be filling out. She wants to distribute it on a CD. So... people will have to be able to copy it to their computer to open and fill it in. However, she then wants them to NOT be able to copy the pdf (she doesn't want it duplicated so that others can use it). Is this even possible? Can you lock a pdf like that? Thanks!
    Julie

    >What kind of restrictions?
    Check File>Properties>Security for the different options.
    Keep in mind that security on a PDF file is easy to get around.

  • Can you lock the keyboard in position

    Can you lock the keyboard

    You can lock the screen, which would lock the keyboard/Screen. You can "Dock" the keyboard and "undock it". When the keyboard is up, hold your figer down on the bottom right (keyboard picture) and hit dock. To lock the screen double tap home, swipe right, on the far left big circle, tap it.

  • Can you lock touch screen when watching videos!??

    Can you lock the screen so it doesn't become a touch screen when watching videos!??
    Just got new ipod (7th gen) and this driving me crazy that I think I'm going to continue to use my older one unless there is a solution out there. I watch tv shows while commuting and while walking here or there I have to 'palm' the ipod or walk with it at my side, and the problem is that since the touch screen is sooooo sensitive I keep fwding/rewinding/swiping the screen to something else, and then to get back to that part in the video is a pain because unlike the older ipod you can just fwd a few secs, this one jumps minutes because it's so sensitive. PLEASE tell me there's a way to lock it from accidently touching it!

    No - there is no such switch on the iPad - the switches control volume, muting, screen rotation, and the home button itself.
    You could place it behind a screen of some sort so touching the outer screen won't affect the iPad screen - I've seen ads for 'presentation kiosk' type devices for the iPad that allow this, although I'm not sure how practical they would be in the backseat of a car.

  • Can you lock messages and other apps now with touch id?

    with ios8 on the iPhone 6, can you lock your messages and other apps with your touch id?

    Here is all we currently know about iOS 8:
    http://www.apple.com/ios/
    We will have to wait until iOS 8 is released to find out anything else.

  • 10G db console - who gets access to it can you tie it down?

    Hi Guys
    I'm a newbie - with a certain amount of knowledge and lack of management support (I'm the only person in the sys admin team with Oracle knowledge - and have done certs). Forgive me for asking the obvious.
    My interpretation of 10g's installation of the "console" is that it is designed to make the job of managing a database easier for DBA's.
    Previously, with 9i console - I could enable other teams to have access to the whole of the database structure - but only as read only users and not give them sys/system or even dba access - but they could still have access to the structure under that user.
    Although 10g has the console - the old Enterprise Management Console still works with 10g as it did with 9i - and they can still see exactly what they did before - but not change anything.
    However, we are now in a situation where we have a new person in GIS team who insists they are an Oracle DBA (done one course on Oracle) and want all rights (as they had it in their previous job which was a much smaller organisation than we have) to the db console.
    The license they have is for Oracle Standard only.
    Have explained - they can have DB console but only for a standalone instance (not yet created - so they don't get it until the intance is created) and asked why they want the DB console and how will they use it?
    I got no answers but was told to leave the meeting as I was preventing them from doing "their" job - so I left.
    The DB console is designed for DBAs to manage the environment in a more newbie friendly way, yes?
    The DB console actually does control how the database works - and has facilities for DBA functions RMAN management, tablespace management/creation, users etc, normal DBA stuff, yes?
    And if you don't have the licence to monitor performance - well then you either disable or ignore? It can do some powerful stuff - but since we have TOAD and SPOTLIGHT - that's what we use to monitor overall.
    My question is - do you allow - non DBA's access to db console - and how do you set them up as users to just see certain tablespaces?
    What I've read so far - not extensive - the DB console user has to have the DBA role at least for it function?
    Or have I missed something and I can give this person the rights - but only allow them read only?
    Also, I wonder why would you need the db console - if you are a GIS officer?
    This person has also asked for a server totally under his control - at no cost in terms of licenses.
    In the meeting that person saidthat they didn't need any Oracle licenses for a test-bed environment.
    I explained that since it was a corporate environment that licensing - even if just a named user as a test generic - as long as it wasn't concurrent - was required.
    I was told by this person that Oracle test environments were free in a corporate environment and I was talking rubbish.
    I have multiple test environments in our place - and by multiple I mean 20 test environments - and those guys have all paid for their licences based on what I've told the Oracle account person direct - and our test environment is named users only - and I monitor it closely.
    These new GIS guys - have never talked to me about licenses or been involved with an Oracle account manager.
    But they say Oracle is free?
    The DB console is the main issue - license - I've already told them to cough up!
    DB console = contol the database - you can create tablespaces etc.
    So can I tie them down if I give them db console to read only - everything I've read so far says no because it's not designed for anything other than dba's?
    Thanks guys - I'm a newbie with my job on the line - seriously I'm fighting - but I may lose and am prepared to resign although I'll probably not get another job for a long time.
    Hey I can type fast - so I guess I'll get a job as a typist!!!!
    Thanks!!

    Thank you very much Stellios for your reply.
    Armed with your reply, I showed my line manager what db console is and does.
    I agree with you - and think often people ask for these things - DBA's put the brakes on but unless Managers undestand too what these things do - they assume anyone asking to have access should have it - in the same way as asking for other "applications".
    Sometimes as DBA's we try and put the brakes on - as I was doing - but then unless line managers understand - we're seen as being deliberately obstructive.
    Although having asked many times why the said person feels they need - they do have the old Enterprise Manager console access on their machine but set-up so they can just see a limited amount (although much, much more than they need).
    Based on the previous team - all they wanted was a pretty GUI picture of how many tablespaces there were and what objects were in the tablespace (although they should have known the objects as they put them there in most cases via the GIS application which also enables them too see the same in GUI form) but at that stage, the team were also developing a new database structure - so teaching them and giving them access to Enterprise Manager helped them understand more about how Oracle was structured underneath the hood but they only had readonly access and only to what their schemas contained.
    Although I know the new db console is there with 10g - it's not been installed with a service to run except on one test database (not set-up by me) which always seems to hang on shutdown because of the emagent process on the server.
    We use TOAD and Spotlight, SQL Plus - and so I haven't yet felt the need to use the console.
    However, I did quickly whizz through stuff to see if I could easily just enable them to see via the console via the web, access to schemas, tablespaces and objects only, but couldn't find and easy way of setting up a user account that just gave them that only. Admittedly, I haven't had time to experiment.
    The console seems to be designed as a DBA tool - albeit one that is more GUI friendly - rather than something to be used by non-DBAs just to look at the database structure.
    Is that the case in your experience? - and have you found a way just to enable a user read-only access to leap to the tab with tablespace management and schema management for that user (who created the tables) only?
    Thanks for you support!

  • Office 365 Video Portal can I lock this down to be viewable only at the office?

    So I'm rolling out a corporate Intranet using the Office 365 SharePoint Sites and wanted to host training videos on it through the Video portal. However we do not want anyone viewing these videos offsite. Is there anyway I can lock these down to only show on domain authenticated machines? Or by IP? Would love to use this tool but need to make sure it can only be used at the office. 
    This topic first appeared in the Spiceworks Community

    Hi Aby
    Thanks for a quick reply.
    Example of the requirement: "Difference should appear as unassigned (-ve or ve) at the same level"
    (Level 1) Product X has planned Qty 1000
    (Level 2) The Qty 1000 for product X is distributed to three sales offices using previous year sales contribution. Sales Office A get 400, B get 300 and C Get 300.
    Now if user executes a planning function (at Level 2)  "Increse the Sales Office A by 10%" then Sales Office A gets 440 units. The total planned quantity for product X become 1040. So the unassigned quantity at this level should be -40. In this way the product X palanned quantity at Level 1 will not change and user knows that he has to adjust this -40 in other sales offices.
    Hope this clears the requirement.

  • Metadata - Can you lock Metadata to prevent changes

    Using Aperture can I lock IPTC fields so that once I input the data and export images...other people can not change my metadata? (Other then in the original file stored within Aperture) For example I would like to lock my contact info and copyright fields when I export the images and email them around etc....
    When I open my jpg or any file in Bridge I can change all IPTC Metadata. Can I prevent these changes?
    Software:
    OS 10.4.11
    Aperture 2.1
    Adobe CS3
    Thanks
    Message was edited by: Keith254

    No, there's no way to do that. Once you've exported a JPEG or TIFF file, any image editor can change IPTC information -- there is no DRM equivalent in the file format to "watermark" this info in there.

  • Can you lock certain folders on your iPhone

    I want to be able to lock certain folders on my iphone - besides locking my phone overall - can you do that?

    No.

  • Can you 'lock' a cell in numbers?

    Was wondering if you can 'lock' or protect a cell in numbers like you can in excel?

    Alan,
    No, you can not lock an individual cell in Numbers unless that cell happens to be a 1-cell table. Entire tables may be locked, but no individual cells within a table. So, put all the stuff you want to lock into one table and all the stuff that will be dynamic into another.
    Arrange > Lock.
    Regards,
    Jerry

  • Can you lock apps in iOS 8

    I Heard that you could lock apps with a passcode on iOS 8? Can you as I have been looking everywhere for it, or was it just A rumour, please help

    Unknown. You can look at the iOS 8 user guide here. http://help.apple.com/iphone/8/

  • Can you lock the edge screen while talking on the phone?

    I just recieved my new e=note edge, wondering if the edge screen can be locked while talking on it, worried it may not work for me? I am a lefty lol and this maybe a problem while talking on the phone? Or will it?

        Kellsmom02,
    Great question. We always want functionality of a device. Yes, you can lock this device while on a phone call. You holding the device will not disrupt the use of the device.
    RobinD_VZW
    Follow us on twitter @VZWSupport

  • Can you connect a iPad USB port into a TV and show the videos you play?

    Can you sue the USB to plug into a TV and show the videos?

    Sorry I meant USE not SUE.

  • Can you fix a dc in port yourself if a pinfrom an adapter is stuck init????

    can you, think about it

    See the post here "ibook g4 - charger plug connectivity issue"
    I'm tending more toward my last suggestion. Esp if it's the white connector block with the open back.
    a brody gives good advice here. How much of the plug is broken off: tip, tip & first ring?
    I've got an adapter here that has the tip broken off. It seems that there is a center connector that has come off with it. It would seem that if the tip broke off and no attempt was made to plug in a new connector that center connector would be retrievable with a nice pair of tweezers (like a dissecting type). I've got a pair here and it would seem like they would have to be ground very thin to do the job. Perhaps with a slot to receive the pin. If one had tried to plug in another adapter plug that pin would be skewed or driven deep within the plug body.
    Otherwise to take the power in board out to work with it you'll have to remove the battery, bottom case and bottom shield. (this is for the G4 14.1")It's held in with one screw.
    While it's out make sure the solder connections to the board are good and not loose. This often happens with stress on the connector.
    Here's a take apart for the 12":
    http://www.ifixit.com/Guide/Mac/iBook-G4-12-Inch/DC-In-Board/83/8
    Richard

Maybe you are looking for

  • SAP connectivity from Java to SAP 4.0

    Hi All, I am tried to send an IDOC(whose basic type, extension are known) to SAP system(ECC 6.0) using the SAP JCo API 3.0 and all works well. Now I used the same piece of code to connect to SAP 4.0 system but the following basic line of code has ran

  • Updating action type field in infotype 0000.

    Hi experts, I have to update the action type(MASSN)field and reason for action(MASSG)field in infotype 0000 for the existing record. I am trying to use function module HR_INFOTYPE_OPERATION to update it,but i am not able to update the action type fie

  • How can I control video presentations on opening the browser.

    The way I work is to allow all tabs to stay open until I have read them or until I have just too many to manage!!! This means when I reopen the browser I may have 5 or 6 videos which open and begin to chatter. I need to be able to close all videos wi

  • Best practice for creating large drop down menus?

    I'm attempting to transition from using Photoshop to Fireworks cs4 for design and prototyping of websites. Right now I'm working on re-creating a nav bar design in FW. The design calls for large drop down menus with lots of non-standard content simil

  • Replacing Profit Center value while sales order creation process - VA01

    Hi, Profit Center replacement   in Tcode VA01 and VA02 I want to replace the profit center value (COBL- PRCTR) in Account assignment TAB in sales order creation time VA01 and VA02 by using custom logic (Line item Material Group and Sales District VBK