Split Tunneling vs. Full Tunneling
Full Tunneling
- All traffic goes through the enterprise VPN
- All traffic should go to tunnel 0 (0.0.0.0/0)
- Heavier load on the VPN headend
  - Every single packet bound for the internet crosses the tunnel, gets decrypted at the headend's outside interface, is analyzed, and is sent out to the internet. The response comes back in, is inspected, encrypted, and sent back down the tunnel. So it is a lot more work on the server side.
  - You can compensate by buying faster equipment.
- More secure
  - Full control over all of that traffic
- Less optimal path
  - It adds delay and additional overhead.
Split Tunneling
- Any user can go out and browse a web server directly; everything is fast and easy, and not a single packet needs to go to the VPN headend. The only packets sent through the corporate tunnel are those destined for networks that actually live at the enterprise.
- This is driven by the split tunneling list. Remember that when you connect, a network configuration or policy is pushed to you, and it determines which IP traffic passes through the tunnel and which is sent directly out to the internet.
- Faster but less secure
- Enterprise traffic goes to the enterprise VPN
- Other traffic goes directly to its destination and comes directly back to us.
  - There is no intermediate agent doing any sanitizing.
- Less load on the VPN
- Less secure
  - People are talking directly to a web server, which is a good way to get compromised, and they're attached to your VPN while they're doing it.
- More optimal path
  - Lower latency
  - Talking to the web server directly and getting direct responses.
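The routing decision behind both modes can be shown with a small longest-prefix-match simulation. This is an added example, not part of the course notes or any vendor's VPN client: the enterprise prefixes, the interface names `tunnel0` and `eth0`, and the sample destinations are all constructed assumptions. In full-tunnel mode the only route pushed is 0.0.0.0/0 via the tunnel; in split-tunnel mode the pushed policy lists only the enterprise networks via the tunnel and leaves the default route on the local interface, so the headend sees only the enterprise-bound flows.

```python
import ipaddress

# Constructed split-tunnel policy: the networks that "live at the enterprise".
# These prefixes are assumptions for the demo, not a real deployment.
ENTERPRISE_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.50.0/24"]

# Constructed sample destinations (RFC 5737 / RFC 1918 ranges, not real hosts).
SAMPLE_DESTINATIONS = [
    "10.20.30.40",      # enterprise file server
    "192.168.50.7",     # enterprise printer subnet
    "203.0.113.10",     # public web server
    "198.51.100.25",    # another public web server
]


def build_routes(mode):
    """Return the (network, interface) routes a client would receive.

    full  -> a single 0.0.0.0/0 route via tunnel0 (everything goes to the headend)
    split -> enterprise prefixes via tunnel0, default route stays on eth0
    """
    if mode == "full":
        return [(ipaddress.ip_network("0.0.0.0/0"), "tunnel0")]
    if mode == "split":
        routes = [(ipaddress.ip_network(p), "tunnel0") for p in ENTERPRISE_PREFIXES]
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "eth0"))
        return routes
    raise ValueError(f"unknown VPN mode: {mode}")


def select_interface(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins.

    With only a 0.0.0.0/0 route present, every address matches it, which is
    exactly why full tunneling sends all traffic through the headend.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def classify(mode, destinations):
    """Map each destination to the interface it would leave on in this mode."""
    routes = build_routes(mode)
    return {dst: select_interface(routes, dst) for dst in destinations}


def headend_flows(mode, destinations):
    """Count how many of the flows would cross the VPN headend (its load)."""
    return sum(1 for iface in classify(mode, destinations).values() if iface == "tunnel0")


def bypassing_flows(mode, destinations):
    """Destinations that never pass the headend and so get no central inspection.

    This is the 'no intermediate agent doing sanitizing' case from the notes:
    a defender may want to log or compensate for these on the endpoint.
    """
    return sorted(dst for dst, iface in classify(mode, destinations).items() if iface == "eth0")


if __name__ == "__main__":
    for mode in ("full", "split"):
        print(f"--- {mode} tunneling ---")
        for dst, iface in classify(mode, SAMPLE_DESTINATIONS).items():
            print(f"  {dst:16} -> {iface}")
        print(f"  flows crossing headend: {headend_flows(mode, SAMPLE_DESTINATIONS)}")
        print(f"  uninspected flows:      {bypassing_flows(mode, SAMPLE_DESTINATIONS)}")
```

Running the script prints every sample destination on `tunnel0` in full mode and only the two enterprise addresses on `tunnel0` in split mode; the `bypassing_flows` list is the set of connections that get no central inspection, which is the trade-off the notes describe.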