Why Split Tunneling Isn’t an Issue in DirectAccess
I remember way back when I was working with Windows 95 clients and playing with the VPN capabilities included with that system. I don’t remember if VPN came with Windows 95 at RTM – I think that was a feature added well after the RTM release. I would play with connecting it to Windows NT, and it worked great. Even connected it to the Internet. That’s when I learned about split tunneling.
Back in Windows 95 days, split tunnel was an issue that you had to be aware of for your VPN clients, since it included the possibility of routing between networks. However, that hasn’t been an issue for quite a while for Windows client operating systems.
However, in terms of DirectAccess, its even less of an issue. One thing that people need to keep in mind is that DirectAccess is not a VPN solution, and doesn’t work like a VPN. I know that Tom had written some articles about how DA was MS’s new VPN solution, but I don’t think he fully understood the underpinnings of DA and how DA works. I’m confident now that he doesn’t believe that DA is a VPN solution 🙂
In fact, Tom has done a nice piece regarding DA split tunneling and how it’s not a security issue on his “Edge Man” blog site. I’m not sure I like that name, but he likes it, so he can keep it for now 😉
Check out Tom’s article over at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)