Cisco Support Community

New Member

Split tunneling pros and cons

I have heard from several Cisco engineers as well as from other analysts that split tunneling should not be used if possible because of the security risk. Can anyone address what the specifics are with regard to these security risks? How can split tunneling be used by a hacker to access my internal network? Is anyone out there currently using split tunneling? I am using Cisco 3000 series concentrators for LAN-to-LAN and the Cisco client and 3002 hardware client for remote access.

3 REPLIES
New Member

Re: Split tunneling pros and cons

Hello,

Split tunneling can allow what we call a "u-turn" attack. If the workstation that has established the VPN with a secured network is using software without any sort of firewalling built in, or there is no physical firewall protecting the user, then effectively the host running the VPN software could be compromised via the Internet access portion of the split tunnel. A cracker could compromise the connection and in turn traverse the VPN tunnel to the corporate network, making moot any encryption whatsoever.

New Member

Re: Split tunneling pros and cons

Would that same argument be true for a hardware client such as the 3002, where the user is being PAT'd before getting to the Internet, and for LAN-to-LAN connections where the tunnel terminates at another Cisco 3000?

New Member

Re: Split tunneling pros and cons

Seems to me only if an exploit is available. I have not heard of any compromises where the previous case I have mentioned was actually accomplished. Again, it's theoretical, and the purists say it could happen. From my limited perspective, I have not seen such.

Regards,

Jerry
