Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VPN Question Split Tunnel vs Single Tunnel

Posted on 2010-08-13
6
Medium Priority
?
990 Views
Last Modified: 2012-05-10
Hello,

Can someone list for me the Pros and Cons of having a clients VPN connection route all traffic through the company's connection, vs doing split tunneling and only using the companies gateway only for company subnets, and your own for other traffic.

Thanks
0
Comment
Question by:Methodman85
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 98

Expert Comment

by:John Hurst
ID: 33434266
If people have to go through your VPN to get to the Internet, it will be quite slow (having had to do this myself). Split tunnel connection allows your remote clients to use Internet as they need to without hindering you, and thereby leaving tunnel resources for company only work.

VPN (any kind) through DSL connections (very normal circumstance) is slow because the VPN traffic is working both ways and therby affected by the slow upload speed.

I only use, recommend and employ split tunnel VPN. ... Thinkpads_User
0
 
LVL 1

Author Comment

by:Methodman85
ID: 33434343
What about the fact that split tunnel lets users be on the company's network, yet not adhere to any of their web browsing policy's. They can be accessing dangerous sites while connected to the network. Also, if they're site to site access permitted by another company. The user would only be able to access the partner company's site while they're in the office.

For instance, a partner allowed our external corporate IP address to traverse their network. If a user takes their laptop home, and needs to connect to the partners network, this isn't possible with split horizon since the connection to the partner will be going out through the users ISP's IP which isn't allowed to establish a connection.
0
 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 664 total points
ID: 33434365
No solution is perfect, however, responsible workers generally do not cause too much issue with access to the internet. I deal with lots of clients each day.

I don't really understand your second point. I operate with numerous clients, numerous tunnels and numerous locations and do not usually get stuck. However for your particular situation, a non-split tunnel VPN might work.

You seem to want to use non-split tunnel VPN, and so do go ahead with that. I think ultimately you will find it too slow to be practical, but only you can assess that. Also, only you can assess your users.
... Thinkpads_User
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 668 total points
ID: 33435447
below link will give u some points

http://en.wikipedia.org/wiki/Split_tunneling
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 668 total points
ID: 33436192
I agree to what thinkpads_user said. There is a single question only you have to ask: Do you need full control over Internet actions while connected? If so, there is no discussion - no split tunneling.

IMHO, the "full control while browsing" aspect is overemphasized by many admins. The connecting VPN machine still needs to have all security means enabled before using the VPN, else it can be infected already with malware, and it does not matter if the malicious sites are browsed while VPN-connected or not.
Having full control over the protection of the VPN client (AV aso.) is worth much more, and is not related to split-tunneling, which involves extreme lags and speed issues while browsing the Internet.
0
 
LVL 1

Author Closing Comment

by:Methodman85
ID: 33436483
Thanks for your input guys.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question