I have heard from several Cisco engineers as well as from other analysts that split tunneling should not be used if possible because of the security risk. Can anyone address what the specifics are with regard to these security risks? How can split tunneling be used by a hacker to access my internal network? Is anyone out there currently using split tunneling? I am using Cisco 3000 series concentrators for LAN-to-LAN and the Cisco client and 3002 hardware client for remote access.
Split tunneling can allow what we call a "u-turn" attack. If the workstation that has established the VPN with a secured network is using software without any sort of firewalling built in, or there is no physical firewall protecting the user, effectively the host running the VPN software could be compromised via the Internet access portion of the split tunnel. A cracker could compromise the connection and in turn traverse the VPN tunnel to the corporate network, making moot any encryption whatsoever.
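The posture the answer above describes (tunnel up, Internet traffic leaving the host directly, no host firewall) can be checked from the client's own routing table. The following is an added example and not code from the thread or from Cisco; the interface names, prefixes and routing entries are constructed sample data.

```python
"""Classify a VPN client's routing posture as full-tunnel or split-tunnel.

Added example, not from the original thread. It models the condition the
"u-turn" answer describes: a live VPN tunnel on a host whose Internet-bound
traffic egresses through the local interface instead of the tunnel.
All routes and interface names below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.0.0.0/8", or "0.0.0.0/0" for the default route
    interface: str   # egress interface name (constructed: "tun0", "eth0")


def posture(routes, vpn_iface, host_firewall_on):
    """Return a dict describing whether the client is split-tunnelled and exposed."""
    default_via_vpn = False
    corp_prefixes = []      # destinations that are carried over the tunnel
    direct_prefixes = []    # destinations that leave the host directly
    for r in routes:
        net = ipaddress.ip_network(r.prefix, strict=False)
        if net.prefixlen == 0:
            default_via_vpn = r.interface == vpn_iface
        elif r.interface == vpn_iface:
            corp_prefixes.append(net)
        else:
            direct_prefixes.append(net)
    tunnel_up = bool(corp_prefixes) or default_via_vpn
    split = tunnel_up and not default_via_vpn
    # The u-turn exposure: tunnel up, Internet reachable directly, no host firewall.
    exposed = split and not host_firewall_on
    return {"tunnel_up": tunnel_up, "split_tunnel": split, "u_turn_exposed": exposed,
            "corporate_prefixes": [str(n) for n in corp_prefixes],
            "direct_prefixes": [str(n) for n in direct_prefixes]}


def egress_for(routes, dst):
    """Longest-prefix match: the interface a packet to dst would leave on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r.prefix, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r.interface)
    return best[1] if best else None


# Constructed sample: split tunnel, corporate 10.0.0.0/8 via tun0, default via eth0.
SPLIT_TABLE = [Route("0.0.0.0/0", "eth0"), Route("10.0.0.0/8", "tun0"),
               Route("192.168.1.0/24", "eth0")]
# Constructed sample: full tunnel, default route via tun0, only the local LAN direct.
FULL_TABLE = [Route("0.0.0.0/0", "tun0"), Route("192.168.1.0/24", "eth0")]
```

With `SPLIT_TABLE`, a packet to a corporate 10.x address egresses on `tun0` while one to a public address egresses on `eth0`, which is exactly the two-path situation the answer warns about; with `FULL_TABLE` both leave via the tunnel.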
Would that same argument be true for a hardware client such as the 3002 where the user is being PAT'd before getting to the internet and for lan to lan connections where the tunnel terminates at another Cisco 3000 ?
Seems to me only if an exploit is available. I have not heard of any compromises where the previous case I have mentioned was actually accomplished. Again, it's theoretical and the purists say it could happen. From my limited perspective, I have not seen such.