Could we enable LAN access without enabling true split tunneling, as in 
this document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

Rama

On 10/15/2010 10:39 AM, Marc Farnum Rendino wrote:
> Hmm... I'm as much a stickler as anyone for security (ask anyone :),
> however isn't this one of those situations where we're:
>
> - attempting to avoid a *potential* cost (ex: a security breach)
>
> - by paying a *certain* cost (ex: lost functionality, increased support
> costs, attempts to route around...)?
>
> And it seems to me that the potential increase in risk (of allowing
> split-tunneling) is minor, since the "horse is already out of the barn"
> so to speak, in that the security of the remote machines connecting in
> to the VPN is an unknown. And that's pretty much the same as the vast
> majority of machines on campus too.
>
> The cost/benefit doesn't seem to work out.
>
> On Thu, Oct 14, 2010 at 10:32 PM, Dan Brisson <[log in to unmask]> wrote:
>
>     Bryan is correct that security best practices dictate not using
>     split tunneling.
>
>