Split tunneling allows the IPSec client to send traffic directly to the Internet in cleartext for those destinations that don't require encryption. Split tunneling applies only to remote-access IPSec tunnels, not to LAN-to-LAN connections.
Split tunneling eases the processing load on the device, simplifies traffic management, and speeds up untunneled traffic. It is a traffic-management feature, not a security feature. In fact, for optimum security, split tunneling isn't recommended: a client that is simultaneously on the corporate network through the tunnel and on an untrusted network in cleartext can act as a bridge between the two. Because only the VPN Concentrator, not the IPSec client, can enable split tunneling, the administrator controls whether and how it is implemented and can keep the exposure to a minimum.
Split tunneling is disabled by default on both the VPN Concentrator and the client. The feature is enabled and configured entirely on the VPN Concentrator; the resulting settings are pushed down to the IPSec client. The default split-tunneling policy, Tunnel Everything, disables split tunneling: no traffic leaves the client in cleartext, and none goes to any destination other than the VPN Concentrator. Remote users in the group reach Internet networks through the corporate network and have no access to their local networks.
The Allow Networks in List to Bypass Tunnel policy lets the administrator define a list of networks to which traffic goes without passing through the tunnel. This lets remote users reach devices on their local networks, such as printers, while still connected to the corporate network through the tunnel; everything else, including Internet traffic, continues to go through the tunnel. Keep the list to the specific local subnets that need it, because every address the list covers is reachable from the client in cleartext while the tunnel is up.
The Only Tunnel Networks in List policy inverts this: only traffic to the listed networks (typically the corporate networks behind the Concentrator) goes through the tunnel, and remote users reach Internet networks directly, without tunneling through the corporate network.
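The three policies differ only in how a destination is matched against the configured network list, and the security consequence depends on what that list contains. The following model of the decision, with a small consistency check on the list, is an added example and is not code from the original page or from the VPN Concentrator; the policy names are the ones above, while the `HOME_LAN`, `CORPORATE` and `DEFAULT_ROUTE` lists, the sample destinations, and the `lint` function are assumptions constructed for illustration.

```python
"""Model of the VPN 3000 Concentrator split-tunneling policies.

Added example, not the Concentrator's own logic. Network lists and
destinations below are constructed for illustration only.
"""
from enum import Enum
from ipaddress import ip_address, ip_network


class Policy(Enum):
    TUNNEL_EVERYTHING = "Tunnel Everything"
    BYPASS_LIST = "Allow Networks in List to Bypass Tunnel"
    TUNNEL_ONLY_LIST = "Only Tunnel Networks in List"


# Constructed sample data (assumptions, not from the page).
HOME_LAN = [ip_network("192.168.1.0/24")]                      # remote user's local subnet
CORPORATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]  # networks behind the Concentrator
DEFAULT_ROUTE = [ip_network("0.0.0.0/0")]                      # a dangerously broad list entry


def in_list(dst, networks):
    """True if the destination address falls inside any network in the list."""
    addr = ip_address(dst)
    return any(addr in net for net in networks)


def is_tunneled(policy, dst, networks):
    """Decide whether traffic to dst goes through the IPsec tunnel (True)
    or leaves the client directly in cleartext (False)."""
    if policy is Policy.TUNNEL_EVERYTHING:
        return True                       # list is ignored; nothing bypasses
    if policy is Policy.BYPASS_LIST:
        return not in_list(dst, networks)  # listed networks are cleartext
    if policy is Policy.TUNNEL_ONLY_LIST:
        return in_list(dst, networks)     # only listed networks are tunneled
    raise ValueError(f"unknown policy {policy!r}")


def cleartext_destinations(policy, dsts, networks):
    """Return the subset of dsts that would be sent outside the tunnel."""
    return [d for d in dsts if not is_tunneled(policy, d, networks)]


def lint(policy, networks, corporate):
    """Flag list entries that would send corporate traffic in cleartext.

    Under BYPASS_LIST any entry overlapping a corporate network is a leak;
    under TUNNEL_ONLY_LIST any corporate network not fully covered by the
    list is a leak. An empty result means the list is consistent with
    tunneling every corporate destination.
    """
    findings = []
    if policy is Policy.BYPASS_LIST:
        for net in networks:
            for corp in corporate:
                if net.overlaps(corp):
                    findings.append(f"bypass entry {net} overlaps corporate {corp}")
    elif policy is Policy.TUNNEL_ONLY_LIST:
        for corp in corporate:
            if not any(corp.subnet_of(net) for net in networks):
                findings.append(f"corporate {corp} not fully covered by tunnel list")
    return findings


if __name__ == "__main__":
    dsts = ["192.168.1.50", "10.1.2.3", "8.8.8.8"]  # printer, corporate host, Internet
    for policy, networks in [(Policy.TUNNEL_EVERYTHING, HOME_LAN),
                             (Policy.BYPASS_LIST, HOME_LAN),
                             (Policy.TUNNEL_ONLY_LIST, CORPORATE)]:
        print(policy.value, "-> cleartext:", cleartext_destinations(policy, dsts, networks))
    print("bad bypass list:", lint(Policy.BYPASS_LIST, DEFAULT_ROUTE, CORPORATE))
```

Running the module shows the point of the three policies: Tunnel Everything sends none of the three destinations in cleartext, the bypass list exposes only the local printer, and the tunnel-only list exposes the Internet host as well. The `lint` check is the caveat a practitioner wants when building the list on the Concentrator: a bypass entry as broad as `0.0.0.0/0` silently turns Allow Networks in List to Bypass Tunnel into no tunnel at all for corporate traffic.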