Solved

VPN Question Split Tunnel vs Single Tunnel

Posted on 2010-08-13
Last Modified: 2012-05-10
Hello,

Can someone list for me the pros and cons of having a client's VPN connection route all traffic through the company's connection, vs doing split tunneling and using the company's gateway only for company subnets, and your own for other traffic?

Thanks
Question by:Methodman85
6 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 33434266
If people have to go through your VPN to get to the Internet, it will be quite slow (having had to do this myself). Split tunnel connection allows your remote clients to use Internet as they need to without hindering you, and thereby leaving tunnel resources for company only work.

VPN (any kind) through DSL connections (very normal circumstance) is slow because the VPN traffic is working both ways and thereby affected by the slow upload speed.

I only use, recommend and employ split tunnel VPN. ... Thinkpads_User
0
 
LVL 1

Author Comment

by:Methodman85
ID: 33434343
What about the fact that split tunnel lets users be on the company's network, yet not adhere to any of their web browsing policies? They can be accessing dangerous sites while connected to the network. Also, if there's site-to-site access permitted by another company, the user would only be able to access the partner company's site while they're in the office.

For instance, a partner allowed our external corporate IP address to traverse their network. If a user takes their laptop home, and needs to connect to the partner's network, this isn't possible with split horizon since the connection to the partner will be going out through the user's ISP's IP, which isn't allowed to establish a connection.
0
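The two concerns in the comment above (web policy bypass and the partner IP allowlist), modelled as a client routing decision; this is an added example, not part of the original thread. All addresses are constructed sample values, and it assumes the VPN gateway NATs tunnelled Internet-bound traffic out the corporate external address and that the split-tunnel include list can carry extra prefixes such as the partner's.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
CORP_SUBNETS = ["10.10.0.0/16"]
PARTNER_NET = "198.51.100.0/24"   # partner that allowlists the corporate IP
CORP_EGRESS_IP = "192.0.2.10"     # company's external address
HOME_ISP_IP = "192.0.2.77"        # laptop's public address at home
PARTNER_HOST = "198.51.100.25"
WEB_SITE = "203.0.113.200"
INTERNAL_HOST = "10.10.4.20"

def build_routes(mode, split_include=()):
    """Client route table as (network, interface) pairs."""
    if mode == "full":
        return [(ipaddress.ip_network("0.0.0.0/0"), "vpn")]
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "local")]
    routes += [(ipaddress.ip_network(p), "vpn") for p in split_include]
    return routes

def interface_for(routes, dst):
    """Longest-prefix match, as the client's IP stack would do."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def seen_source(routes, dst):
    """Public source address an Internet destination sees.
    Assumes the VPN gateway NATs tunnelled traffic out CORP_EGRESS_IP."""
    return CORP_EGRESS_IP if interface_for(routes, dst) == "vpn" else HOME_ISP_IP

def assess(mode, split_include=()):
    routes = build_routes(mode, split_include)
    return {
        "internal_via_vpn": interface_for(routes, INTERNAL_HOST) == "vpn",
        # Partner firewall admits only the corporate external address.
        "partner_reachable": seen_source(routes, PARTNER_HOST) == CORP_EGRESS_IP,
        # Corporate web filtering only sees traffic that crosses the tunnel.
        "web_filtered": interface_for(routes, WEB_SITE) == "vpn",
    }

if __name__ == "__main__":
    print("full tunnel      ", assess("full"))
    print("split, corp only ", assess("split", CORP_SUBNETS))
    print("split + partner  ", assess("split", CORP_SUBNETS + [PARTNER_NET]))
```

Adding the partner prefix to the split include list restores partner access from home, but general web browsing still bypasses the corporate filter.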
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 33434365
No solution is perfect, however, responsible workers generally do not cause too much issue with access to the internet. I deal with lots of clients each day.

I don't really understand your second point. I operate with numerous clients, numerous tunnels and numerous locations and do not usually get stuck. However for your particular situation, a non-split tunnel VPN might work.

You seem to want to use non-split tunnel VPN, and so do go ahead with that. I think ultimately you will find it too slow to be practical, but only you can assess that. Also, only you can assess your users.
... Thinkpads_User
0

 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 167 total points
ID: 33435447
The link below will give you some points:

http://en.wikipedia.org/wiki/Split_tunneling
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 167 total points
ID: 33436192
I agree with what thinkpads_user said. There is only a single question you have to ask: Do you need full control over Internet actions while connected? If so, there is no discussion - no split tunneling.

IMHO, the "full control while browsing" aspect is overemphasized by many admins. The connecting VPN machine still needs to have all security means enabled before using the VPN, else it can be infected already with malware, and it does not matter if the malicious sites are browsed while VPN-connected or not.
Having full control over the protection of the VPN client (AV and so on) is worth much more, and is not related to split-tunneling, which involves extreme lags and speed issues while browsing the Internet.
0
 
LVL 1

Author Closing Comment

by:Methodman85
ID: 33436483
Thanks for your input guys.
0
