Ask the Expert

Solutions for split tunneling with Microsoft PPTP

I've heard that there are now new solutions for split tunneling with Microsoft PPTP. I was told there are new utilities that ship with MS .NET server that allow an MS client using PPTP to do split tunneling. Can you tell me anything about this tool, like where to get it?

    Requires Free Membership to View

Microsoft has described the new feature set for their Windows .NET Server 2003, which can be used to configure split or non-split tunnel VPNs using Point-to-Point Tunneling Protocol. It's vaporware right now, but you can read more about it here (look for "split"). In the future, you will be able to use Microsoft's Enhanced Connection Manager Administration Kit (CMAK).

It's an interesting idea. However, be very careful with split-tunnel VPNs. Most of the companies I work with explicitly disable split-tunnel VPNs, or only deploy solutions that don't support split tunneling. The split tunnel allows your system to send packets to the Internet and across the VPN at the same time. It can help save on bandwidth, but it could cost you in terms of security. If the user somehow enables packet forwarding, or an attacker installs a relay on their box, a bad guy could send evil packets across the Internet across the split tunnel and through your VPN to the corporate network. I'd avoid split tunneling if I were you, unless bandwidth is extremely limited.


For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Split tunneling in a VPN environment
Ask the Expert: Prohibiting split tunneling
News & Analysis: Crypto for VPNs


This was first published in October 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: