Remote Access & Split Tunnels

Unanswered Question
Nov 19th, 2008

How safe is split tunneling a remote access VPN client? The tunnel is terminated on an ASA 5520 7.2. Management wants the web filtered for remote users; we have a Websense remote server in the DMZ and a Websense client on the laptops. I always thought split tunnels can pose a security risk.


In my opinion, I agree - if the remote users do not have an adequate firewall and AV, this poses a risk. They have access to the internet while still connected to the network. If you are not using the built-in firewall in the Cisco Client to limit traffic in/out - you might consider this.

I would however downgrade to version 4.8 straight away - I have read no end of comments from users in the forums about ver 5.x - flaky and just not ready. 4.8 stable - I have been running this on over 2000+ laptops with no issues for the last 1+ years.

What I generally do is tunnel all - and filter on the VPN device or second layer firewall. If you have WebSense - even better. Tunnel all and pass the web traffic into the DMZ for classification.
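As an added example (not part of the original thread and not Cisco tooling): a small Python check that reads an ASA running-config and reports group policies whose effective split-tunnel-policy is not tunnelall, the setting the reply above recommends. The config fragment and the names RA_SPLIT, RA_FULL, RA_INHERIT and SPLIT_ACL are constructed; it assumes unset attributes inherit from DfltGrpPolicy and that the default there is tunnelall.

```python
import re

# Constructed ASA running-config fragment for illustration (not from the thread).
SAMPLE_CONFIG = """\
access-list SPLIT_ACL standard permit 10.10.0.0 255.255.0.0
group-policy DfltGrpPolicy attributes
 split-tunnel-policy tunnelall
group-policy RA_SPLIT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
group-policy RA_FULL attributes
 split-tunnel-policy tunnelall
group-policy RA_INHERIT attributes
 vpn-tunnel-protocol IPSec
"""

DEFAULT = "DfltGrpPolicy"  # policies inherit any unset attribute from this one

def parse_group_policies(config):
    """Map each group policy to the split-tunnel settings it sets explicitly."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        words = line.split()
        if header:
            current = policies.setdefault(header.group(1), {"mode": None, "acl": None})
        elif not line.startswith(" "):
            current = None  # back at top level, outside any attributes block
        elif current is not None and len(words) == 2 and words[0] == "split-tunnel-policy":
            current["mode"] = words[1]
        elif current is not None and words[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = words[2] if len(words) == 3 else None
    return policies

def audit(config):
    """Return {policy: (mode, acl)} for policies that do not tunnel all traffic."""
    policies = parse_group_policies(config)
    default = policies.get(DEFAULT, {"mode": None, "acl": None})
    findings = {}
    for name, attrs in policies.items():
        # Assumption: with nothing set anywhere, the ASA default is tunnelall.
        mode = attrs["mode"] or default["mode"] or "tunnelall"
        acl = attrs["acl"] or default["acl"]
        if mode != "tunnelall":
            findings[name] = (mode, acl)
    return findings

if __name__ == "__main__":
    for name, (mode, acl) in audit(SAMPLE_CONFIG).items():
        print(f"{name}: split-tunnel-policy {mode}, network list {acl}")
```

A policy that sets nothing itself, like RA_INHERIT here, is only as safe as DfltGrpPolicy, so the check resolves inheritance before deciding.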

