IPSec Split Tunneling

Before I spend (more) hours clicking around on the Interwebs: is there a non-intrusive way to split tunnel all my IPSec VPN users? I have about 200 mobile users and the way it was originally set up is incorrect. All traffic is flowing through my FireBox. I would like local internet traffic not to hit my firewall if possible.

Comments

  • edited January 30

    On your firewall config, unselect "Force All Traffic Through Tunnel" on the Resources tab and specify what IP addrs/subnet should be accessed via the IPSec VPN connection.

    Then you need to generate and distribute the new .wgx files to your users.

    Note that split tunneling is less secure for your site since, if the client PC is owned by a hacker, it is possible that the hacker could access your trusted resources in real time.

  • Yea, I was afraid of that. Most things I have been reading state to re-distribute the new .wgx files. I do understand the downside to split DNS also, but thanks for mentioning it.
