Client VPN Tunneling - VPN Tutorial

Tunneling

You will usually have three tunneling options when using an IPSec VPN client:

Tunnel everything –

All traffic from the client is encrypted and sent through the IPSec tunnel.

Tunnel everything apart from local LAN –

Everything will be encrypted and sent through the tunnel unless it is traffic for your local LAN such as a network printer, a file server somewhere on the LAN, etc.

Split tunneling –

In this setup, when you surf the web you use a direct connection to the internet; the traffic is not encrypted and does not travel via the VPN concentrator or VPN server. However, you can still access the corporate LAN through the IPSec tunnel, hence the name split tunneling. So your traffic takes two paths: a direct, unencrypted one when you're browsing the internet, and the encrypted IPSec tunnel when you access your corporate LAN.

Split tunneling means you can browse the web without that traffic passing through the encrypted VPN tunnel, so browsing is not affected by it. However, this raises a security concern. Because you have a tunnel to your corporate LAN and can freely browse the web at the same time, you have opened a pathway from the internet to your corporate LAN via your laptop. This means that if your laptop has been infected, a criminal can easily access your corporate LAN via your compromised laptop.

Usually the default setting, and the most secure option, is to tunnel everything. Of course, you may experience slower browsing, as all traffic travels through the IPSec tunnel to your corporate gateway with the IPSec security headers added to it, and is then filtered by your firewall's web filter, anti-virus and other UTM features.

All major IPSec clients, such as the FortiGate VPN client, Cisco VPN client, SonicWall, Juniper, McAfee and Check Point, support the use of split tunneling.
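To check which of the three options a client is actually running, you can classify its routing table. The following is an added example, not part of the original tutorial; the interface names (`tun0`, `eth0`), the addresses and the sample routing tables are constructed assumptions.

```python
import ipaddress

def egress(routes, addr):
    """Longest-prefix match: interface that would carry traffic to addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def classify(routes, tunnel_if, corp_host, lan_host, internet_hosts):
    """Map a client routing table onto the three tunneling options."""
    if egress(routes, corp_host) != tunnel_if:
        return "no tunnel to corporate LAN"
    # Any internet destination leaving outside the tunnel means split tunneling.
    if any(egress(routes, h) != tunnel_if for h in internet_hosts):
        return "split tunneling"
    if egress(routes, lan_host) != tunnel_if:
        return "tunnel everything apart from local LAN"
    return "tunnel everything"

# Constructed values: tun0 = IPSec virtual adapter, eth0 = physical NIC.
TUNNEL_IF = "tun0"
CORP_HOST = "10.1.2.3"        # host on the corporate LAN
LAN_HOST = "192.168.1.50"     # e.g. a network printer on the local LAN
INTERNET = ["198.51.100.7", "203.0.113.200"]  # sample internet destinations

# The /32 host route to the VPN gateway always uses the physical NIC (it
# carries the encrypted packets) and must not be mistaken for a split tunnel.
GATEWAY_ROUTE = ("203.0.113.10/32", "eth0")

FULL = [("0.0.0.0/0", "tun0"), GATEWAY_ROUTE]
LOCAL_LAN = FULL + [("192.168.1.0/24", "eth0")]
SPLIT = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
         ("10.0.0.0/8", "tun0"), GATEWAY_ROUTE]

def audit(routes):
    return classify(routes, TUNNEL_IF, CORP_HOST, LAN_HOST, INTERNET)

if __name__ == "__main__":
    for name, table in (("FULL", FULL), ("LOCAL_LAN", LOCAL_LAN), ("SPLIT", SPLIT)):
        print(name, "->", audit(table))
```

The check samples a few destinations rather than proving the policy for every address, and some clients also enforce the policy with packet filters that a routing table does not show.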
