Yes, it is possible. If you receive packets with an internal source address
on the external interface it will send the response to the internal address.
There are obviously some restrictions with this, but it is perfectly
sufficient to propagate some attacks to the inside, for instance.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20
"thinkstorm" wrote:
> On Aug 9, 11:14 am, Jesper <Jes...@discussions.microsoft.com> wrote:
> > Yes, any time you use a split tunnel you compromise the security of the
> > company. You just turned that computer into a router between the Internet and
> > the internal network at the company. It is a rather big security risk.
> >
>
> I don't know if I agree on the "router" term - is it actually possible
> to "route" IP packets from external sources, through my firewall,
> through NAT, to an IP address within the VPN? How's the routing
> between interfaces affected, if I don't allow ICS?
>
> Thorsten
>
>