
Split tunneling pros and cons

evanderb
Level 1

I have heard from several Cisco engineers as well as from other analysts that split tunneling should not be used if possible because of the security risk. Can anyone address what the specifics are with regard to these security risks? How can split tunneling be used by a hacker to access my internal network? Is anyone out there currently using split tunneling? I am using Cisco 3000 series concentrators for LAN-to-LAN and the Cisco client and 3002 hardware client for remote access.

3 Replies

jerry.roy
Level 1

Hello,

Split tunneling can allow what we call a "u-turn" attack. If the workstation that has established the VPN with a secured network is using software without any sort of firewalling built in, or there is no physical firewall protecting the user, effectively the host running the VPN software could be compromised via the Internet access portion of the split tunnel. A cracker could compromise the connection and in turn traverse the VPN tunnel to the corporate network, making moot any encryption whatsoever.

Would that same argument be true for a hardware client such as the 3002 where the user is being PAT'd before getting to the Internet, and for LAN-to-LAN connections where the tunnel terminates at another Cisco 3000?

Seems to me only if an exploit is available. I have not heard of any compromises where the previous case I have mentioned was actually accomplished. Again, it's theoretical, and the purists say it could happen. From my limited perspective, I have not seen such.

Regards,

Jerry
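
Added example, not part of the thread and not Cisco code: a defender-side check for the condition the "u-turn" discussion depends on, namely a VPN client whose routing table still sends non-corporate traffic outside the tunnel. It assumes Linux `ip -4 route show` output; the interface names `tun0`/`wlan0`, the prefixes and both sample tables are constructed for illustration.

```python
import ipaddress

# Constructed `ip -4 route show` samples; tun0/wlan0 and all prefixes are assumptions.
SPLIT = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[1:-1]:
            continue  # blank line or a route with no egress device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def audit(text, tunnel_dev):
    """Classify the table and list prefixes that still egress outside the tunnel."""
    routes = parse_routes(text)
    tunnel = [net for net, dev in routes if dev == tunnel_dev]
    if not tunnel:
        return {"mode": "no-tunnel", "direct": []}
    direct = []
    for net, dev in routes:
        if dev == tunnel_dev:
            continue
        # Longest-prefix match: more-specific tunnel routes win over this one.
        inner = [t for t in tunnel if t.subnet_of(net)]
        if net in list(ipaddress.collapse_addresses(inner)):
            continue  # fully shadowed by tunnel routes, nothing egresses here
        direct.append(net)
    # A direct route wider than the private LAN is a second path to the host.
    split = any(not any(n.subnet_of(r) for r in RFC1918) for n in direct)
    return {"mode": "split" if split else "full", "direct": [str(n) for n in direct]}
```

Even the full-tunnel sample reports the local LAN as directly reachable, so a host firewall on the client still matters in both modes.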
