Yes, any time you use a split tunnel you compromise the security of the
company. You just turned that computer into a router between the Internet and
the internal network at the company. It is a rather big security risk.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20
"thinkstorm" wrote:
> Hi all,
> in [Control Panel>Network Connections] in my VPN Connection's
> [Properties->Networking->IPv4 Properties->Advanced->IP Settings], I
> disabled the "Use Default Gateway on Remote Network". When starting
> the VPN connection, I can now browse the Internet over my 8MB Comcast
> Cable, and access the company [192.168.48.* MASK 255.255.255.0] subnet
> through my VPN. Fine.
>
> Because I also need a couple of other servers and applications in some
> Intranet places, I grab my VPN IP address from 'ipconfig', and then
> manually want to add some routes.
>
> First problem: 'route delete 192.168.48.*' fails, so I use 'route
> delete 192.168.48.0'. Great. Now:
>
> route add 192.168.48.0 mask 255.255.255.0 <VPNIPAddress>
> route add 192.168.47.0 mask 255.255.255.0 <VPNIPAddress>
> route add 172.16.0.0 mask 255.255.0.0 <VPNIPAddress>
> route add 192.168.9.0 mask 255.255.255.0 <VPNIPAddress>
> route add 192.168.80.0 mask 255.255.255.0 <VPNIPAddress>
>
> OK, I hope I got everything now... My more important question: did I
> compromise the security of the company Intranet by using a VPN split
> tunnel - can someone from outside now access the Intranet (without ICS
> enabled!)?
>
> Cheers,
> Thorsten
>
>
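
As an added example (not part of either post), the routing table that results from the steps in the quoted question can be modelled to audit which destinations leave through the VPN and which through the local Internet gateway. The VPN address, the local gateway address and the extra prefix checked in `__main__` are constructed values; the five prefixes are the ones from the post.

```python
import ipaddress

# Constructed sample values (not from the post): the address the VPN adapter
# received and the home router that serves as the local default gateway.
VPN_GW = "192.168.48.200"
LOCAL_GW = "10.0.0.1"

# Table after the steps in the post: the default route stays on the local
# gateway ("Use Default Gateway on Remote Network" disabled) and the five
# intranet prefixes are added by hand with the VPN address as gateway.
ROUTES = [
    ("0.0.0.0/0", LOCAL_GW),
    ("192.168.48.0/24", VPN_GW),
    ("192.168.47.0/24", VPN_GW),
    ("172.16.0.0/16", VPN_GW),
    ("192.168.9.0/24", VPN_GW),
    ("192.168.80.0/24", VPN_GW),
]

def next_hop(dest, routes=ROUTES):
    """Return the gateway chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def is_split_tunnel(routes=ROUTES, vpn_gw=VPN_GW):
    """True when some prefixes use the VPN but the default route does not."""
    uses_vpn = any(gw == vpn_gw for _, gw in routes)
    default_gw = next((gw for p, gw in routes if p == "0.0.0.0/0"), None)
    return uses_vpn and default_gw != vpn_gw

def uncovered(intranet_prefixes, routes=ROUTES, vpn_gw=VPN_GW):
    """Intranet prefixes not fully inside any prefix routed to the VPN."""
    vpn_nets = [ipaddress.ip_network(p) for p, gw in routes if gw == vpn_gw]
    return [p for p in intranet_prefixes
            if not any(ipaddress.ip_network(p).subnet_of(n) for n in vpn_nets)]

if __name__ == "__main__":
    for d in ("192.168.48.10", "172.16.5.5", "8.8.8.8"):
        print(d, "->", next_hop(d))
    print("split tunnel:", is_split_tunnel())
    # 192.168.10.0/24 is a constructed prefix that the post's routes miss.
    print("not via VPN:", uncovered(["192.168.47.0/24", "192.168.10.0/24"]))
```

Any intranet prefix reported by `uncovered` would follow the default route to the local gateway instead of the tunnel, which is the case the "I hope I got everything" step in the question needs to rule out.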