Q

Solutions for split tunneling with Microsoft PPTP

I've heard that there are now new solutions for split tunneling with Microsoft PPTP. I was told there are new utilities...

that ship with MS .NET server that allow an MS client using PPTP to do split tunneling. Can you tell me anything about this tool, like where to get it?

Microsoft has described the new feature set for their Windows .NET Server 2003, which can be used to configure split or non-split tunnel VPNs using Point-to-Point Tunneling Protocol. It's vaporware right now, but you can read more about it here (look for "split"). In the future, you will be able to use Microsoft's Enhanced Connection Manager Administration Kit (CMAK).

It's an interesting idea. However, be very careful with split-tunnel VPNs. Most of the companies I work with explicitly disable split-tunnel VPNs, or only deploy solutions that don't support split tunneling. The split tunnel allows your system to send packets to the Internet and across the VPN at the same time. It can help save on bandwidth, but it could cost you in terms of security. If the user somehow enables packet forwarding, or an attacker installs a relay on their box, a bad guy could send evil packets across the Internet across the split tunnel and through your VPN to the corporate network. I'd avoid split tunneling if I were you, unless bandwidth is extremely limited.


For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Split tunneling in a VPN environment
Ask the Expert: Prohibiting split tunneling
News & Analysis: Crypto for VPNs


This was last published in October 2002

Dig Deeper on Network Protocols and Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close