?
Solved

VPN Question Split Tunnel vs Single Tunnel

Posted on 2010-08-13
6
Medium Priority
?
1,006 Views
Last Modified: 2012-05-10
Hello,

Can someone list for me the Pros and Cons of having a clients VPN connection route all traffic through the company's connection, vs doing split tunneling and only using the companies gateway only for company subnets, and your own for other traffic.

Thanks
0
Comment
Question by:Methodman85
6 Comments
 
LVL 99

Expert Comment

by:John Hurst
ID: 33434266
If people have to go through your VPN to get to the Internet, it will be quite slow (having had to do this myself). Split tunnel connection allows your remote clients to use Internet as they need to without hindering you, and thereby leaving tunnel resources for company only work.

VPN (any kind) through DSL connections (very normal circumstance) is slow because the VPN traffic is working both ways and therby affected by the slow upload speed.

I only use, recommend and employ split tunnel VPN. ... Thinkpads_User
0
 
LVL 1

Author Comment

by:Methodman85
ID: 33434343
What about the fact that split tunnel lets users be on the company's network, yet not adhere to any of their web browsing policy's. They can be accessing dangerous sites while connected to the network. Also, if they're site to site access permitted by another company. The user would only be able to access the partner company's site while they're in the office.

For instance, a partner allowed our external corporate IP address to traverse their network. If a user takes their laptop home, and needs to connect to the partners network, this isn't possible with split horizon since the connection to the partner will be going out through the users ISP's IP which isn't allowed to establish a connection.
0
 
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 664 total points
ID: 33434365
No solution is perfect, however, responsible workers generally do not cause too much issue with access to the internet. I deal with lots of clients each day.

I don't really understand your second point. I operate with numerous clients, numerous tunnels and numerous locations and do not usually get stuck. However for your particular situation, a non-split tunnel VPN might work.

You seem to want to use non-split tunnel VPN, and so do go ahead with that. I think ultimately you will find it too slow to be practical, but only you can assess that. Also, only you can assess your users.
... Thinkpads_User
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 668 total points
ID: 33435447
below link will give u some points

http://en.wikipedia.org/wiki/Split_tunneling
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 668 total points
ID: 33436192
I agree to what thinkpads_user said. There is a single question only you have to ask: Do you need full control over Internet actions while connected? If so, there is no discussion - no split tunneling.

IMHO, the "full control while browsing" aspect is overemphasized by many admins. The connecting VPN machine still needs to have all security means enabled before using the VPN, else it can be infected already with malware, and it does not matter if the malicious sites are browsed while VPN-connected or not.
Having full control over the protection of the VPN client (AV aso.) is worth much more, and is not related to split-tunneling, which involves extreme lags and speed issues while browsing the Internet.
0
 
LVL 1

Author Closing Comment

by:Methodman85
ID: 33436483
Thanks for your input guys.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question