>[оверквотинг удален]
>>>
>>># access-list 108 dynamic admin_rdp timeout 10 permit tcp host xxx.xxx.xxx.xxx host
>>>
>>>yyy.yyy.yyy.yyy eq 3389
>>># access-list 108 deny tcp any host yyy.yyy.yyy.yyy eq 3389
>>>
>>
>>а какое событие будет триггером?
>
>попытка подключения с адреса xxx.xxx.xxx.xxx Это не триггер.
How Lock-and-Key Works
The following process describes the lock-and-key access operation:
1. A user opens a Telnet session to a border (firewall) router configured for lock-and-key. The user connects via the virtual terminal port on the router.
2. The Cisco IOS software receives the Telnet packet, opens a Telnet session, prompts for a password, and performs a user authentication process. The user must pass authentication before access through the router is allowed. The authentication process can be done by the router or by a central access security server such as a TACACS+ or RADIUS server.
3. When the user passes authentication, they are logged out of the Telnet session, and the software creates a temporary entry in the dynamic access list. (Per your configuration, this temporary entry can limit the range of networks to which the user is given temporary access.)
4. The user exchanges data through the firewall.
5. The software deletes the temporary access list entry when a configured timeout is reached, or when the system administrator manually clears it. The configured timeout can either be an idle timeout or an absolute timeout.
http://www.cisco.com/en/US/docs/ios/12_1/security/configurat...
>>вопрос: IP адрес xxx.xxx.xxx.xxx известен и фиксирован?
>
>Да
Пропишите обычный ACL
access-list 100 permit tcp host xxx.xxx.xxx.xxx host yyy.yyy.yyy.yyy eq 3389
.... другие правила
access-list 100 deny ip any any
