XPost: comp.dcom.sys.cisco   
   From: martin.bodenstedt@gmx.de   
      
   marcial_colomer schrieb:   
      
   > You have to setup split tunneling on your concentrator.   
      
   But you don't really want to do this (for security reasons):   
      
   You customer's network most likely has a very strict internet policy   
   using a firewall, spam and virus checker - and possibly contains   
   sensitive data.   
      
   Now You open a remote VPN connection to this network through the   
   internet using your own internet connection.   
      
   By design, once the tunnel (your vpn connection that is) is established   
   your vpn client blocks all incoming or outgoing traffic on your computer   
   except the traffic going through the tunnel. This way your PC (and only   
   your PC no matter what else your PC is connected to locally) is made a   
   virtual extension to your customer's network.   
      
   Now consider free network access on your PC while the vpn connection is   
   open (which is called "split tunneling" because your network access is   
   split between the tunnel connection and local network access):   
      
   Suddenly all other PC's on your local network can access the customer's   
   network and - which is worse - your customer's network has a rogue   
   internet connection (thru your PC) bypassing that network's internet   
   access policy.   
      
      
      
   --   
   Martin Bodenstedt   
      
   (www.die-bodenstedts.de / www.maboko.de)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)