*****Warning Will Robinson, long and may cause thinking!*****
First the important part. I know I will get a lot of responses on this is why so many points, I full intended to split the points equally among all thought out answers.
Will probably leave this open for a few days to give everyone time to respond. Fair time frame?
On to the "meat n taders".
Ok, I've been in a little argument over split tunneling. We have found MANY definitions of it, and where it is used.
Here are a few things I have found in different definitions. (Not that I agree with them)
1. Has to be from a VPN client software.
2. Has to take 2 different network routes (Ie 2 different gateways) one for Tunneled, one for untunneled
3. Has to have 2 active connections, one for encrypted, one for unencrypted
4. The unencrypted route being an unprotected network.
5. Unencrypted route no Intrusion Detection (accountability)
6. VPN devices (Cisco Concentrators, Netscreen VPN/FWs etc) do not count as split tunneled no matter the configuration.
7. User login to the VPN (ie user * pwd)
8. User gets a IP assigned by the VPN
9. All Traffic must flow through the VPN device/software *not tunnel*.
That should be enough of that
.
For myself if I were defining it, I would simply say.
Any VPN connection (client or device) where an asset accessing a VPN tunnel also has access to a different unencrypted route, not through the VPN tunnel, at the same time.
Couple examples.
ExA.. Box X. has a default gateway of .1, but has static routes for any tunneled traffic going to the VPNs .2 wouldnt this constitute split tunneled?
ExB. Box X has a default gateway of the VPN .1, But the VPN allows tunneled and clear traffic. Would this be split tunneling?
ExC. Box X at Central Site A, connects to Remote Central Site B. (through devices or software) Is still able to surf the net from Site As network, Yet also able to talk to boxes on Site B Both are protected networks you control and protect.
Key points on the definitions above.
1) Why? A VPN device is capable of allow servers behind it to do the same thing. ExA & ExB
2) What if the tunneled traffic is taking the same network route that the unencrypted traffic is? Then even though it is tunneled and untunneled its not split?
3) Ok, well depending on what you think of the rest of these definitions, this can go either way 
4) What if the unencrypted network is also a protected network? ExC
5) This plays in with #4.
6) See #1
7) This is one of the bigger ones I saw, basically describing L2TP as split tunneled Where a User Authenticates to the VPN. Not the VPN tunnel authenticating, but the user. If this is all that is required, not many tunnels are split then
..
8) Similar to #7
9) If that is the case client software is not split, all traffic is verified through the software of course most software has the ability to create rules/polices, allowing/disallowing certain traffic, and even some that allows you to use static routes, or 2 gateways depending on the network traffic
. But again.. all traffic goes through the software. Also Ex B & ExC.
One other thing I like to point out is, most places I see references to split tunneling is in conjunction with client software. But I think this is because this is most commonly where the vulnerability exists, and most commonly used.
But when finding it here, it doesnt (necessarly) define it as the client, just most places are pointing out the risk, while talking about using it or using their client.
Ok, hit me with what you guys think. What are your definitions/thoughts. Hope I made some sense.
P.S> Hope I used enough points for this :)
Start Free Trial
