Split-Tunneling
Okay. I need help explaining something. When you have a user that is using Easy VPN to connect to the network and they need access to remote desktop into an outside network you need to enable split tunneling. I get it and I am trying to explain that you have to have it. Their argument is that the user can use the internet while being connected but we are using a proxy server and I have tried to explain that the proxy is making the request on the behalf of that connection. They are not understanding why it is not just routing and why it can't go back out the outside interface. Can anyone give me a good explanation?
Comments
-
darkerosxx Banned Posts: 1,343
Needs better explanation imo:
You have a user at 1.1.1.1 that reaches the internet through a proxy server VPN'ing to 2.2.2.2 AND wanting to RDP to 3.3.3.3?
-
HeroPsycho Inactive Imported Users Posts: 1,940
FYI, split tunneling is a major security risk.
Good luck to all!
-
JDMurray Admin Posts: 13,089
The Wikipedia has a nice and concise article on split tunneling. And I've seen it mentioned as a security vulnerability too in CISSP study material.
-
wagnerbm Member Posts: 38
You are correct with the user wanting to have a tunnel from 1.1.1.1 to 2.2.2.2 but wants to RDP to 3.3.3.3.
-
stealthtt Member Posts: 14
I replied to the post in the CCSP section, then saw this one here...
The firewall can do NAT for the outside VPN client and allow it to access networks on the outside without split-tunneling.
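The two approaches discussed in this thread, side by side, as an added example that is not part of any post above. It assumes the Easy VPN server is a Cisco ASA running 8.3 or later; the pool 10.10.10.0/24, the inside LAN 192.168.1.0/24, and the names REMOTE-USERS, SPLIT-LAN and VPN-POOL are constructed for illustration.

```cisco
! Constructed values: VPN pool 10.10.10.0/24, inside LAN 192.168.1.0/24.
! REMOTE-USERS, SPLIT-LAN and VPN-POOL are hypothetical names.
! Options A and B are alternatives for the same group policy; apply one.

! --- Option A: split tunneling ---
! Only traffic for the inside LAN is sent through the tunnel.
access-list SPLIT-LAN standard permit 192.168.1.0 255.255.255.0
group-policy REMOTE-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-LAN
! Effect: RDP to the outside host (3.3.3.3 in the thread) leaves over the
! client's own Internet link. That traffic is never seen by the firewall
! or the proxy, and the client is on two networks at once.

! --- Option B: full tunnel with NAT on the outside interface ---
! Everything from the client is sent through the tunnel.
group-policy REMOTE-USERS attributes
 split-tunnel-policy tunnelall
! Let traffic enter and leave on the same interface. Without this the
! decrypted packet arriving on "outside" is not forwarded back out
! "outside", which is why plain routing alone does not work.
same-security-traffic permit intra-interface
! Translate the VPN pool to the outside interface address so replies
! from the outside host can find their way back to the firewall.
object network VPN-POOL
 subnet 10.10.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
! Effect: RDP to 3.3.3.3 is decrypted on the firewall, translated, and
! sent back out "outside", so it remains subject to the firewall's
! policy and logging.
```

On pre-8.3 software the NAT step uses the older `nat (outside)` / `global (outside)` pair instead of object NAT.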