Solutions for split tunneling with Microsoft PPTP

I've heard that there are now new solutions for split tunneling with Microsoft PPTP. I was told there are new utilities...

that ship with MS .NET server that allow an MS client using PPTP to do split tunneling. Can you tell me anything about this tool, like where to get it?

Microsoft has described the new feature set for their Windows .NET Server 2003, which can be used to configure split or non-split tunnel VPNs using Point-to-Point Tunneling Protocol. It's vaporware right now, but you can read more about it here (look for "split"). In the future, you will be able to use Microsoft's Enhanced Connection Manager Administration Kit (CMAK).

It's an interesting idea. However, be very careful with split-tunnel VPNs. Most of the companies I work with explicitly disable split-tunnel VPNs, or only deploy solutions that don't support split tunneling. The split tunnel allows your system to send packets to the Internet and across the VPN at the same time. It can help save on bandwidth, but it could cost you in terms of security. If the user somehow enables packet forwarding, or an attacker installs a relay on their box, a bad guy could send evil packets across the Internet across the split tunnel and through your VPN to the corporate network. I'd avoid split tunneling if I were you, unless bandwidth is extremely limited.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Split tunneling in a VPN environment
Ask the Expert: Prohibiting split tunneling
News & Analysis: Crypto for VPNs

This was first published in October 2002

Dig Deeper on Network Protocols and Security



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: