We have put in place a new Cisco ASA 5505 for use by outside consultants, some of whom require Internet access via an outside wireless network we had installed for vendor use.
Some of these consultants also require VPN (via PPTP) access into our internal network.
It has come to our attention that some of the consultants that require VPN access are possibly modifying the routing tables on their notebooks to allow themselves to split tunnel their VPN connection while connected to our internal network.
Is there a way to enforce the policy of not allowing split tunneling while connected to our ASA? The users connecting to our VPN through the ASA 5505 will be forced to utilize a known static IP address in order to be allowed access to the VPN, as there is no way to reserve IP addresses in the ASA's version of DHCP, so we do have a bit of a start here.
We realize enforcing policies would be the best thing, but policies alone are not considered enough by those who audit us.