[c-nsp] Split tunneling on government networks

Herro91 herro91 at gmail.com
Wed Dec 4 10:16:02 EST 2013


Thanks to all for the feedback - this is very valuable!

Has anyone on the list explored Cisco's ScanSafe acquisition, now called
Cisco Cloud Web Security - as a means of providing protection in the cloud
that would potentially negate the requirement to bring all traffic back in
a full tunnel?


Thanks again!

-Doug


On Wed, Dec 4, 2013 at 10:09 AM, Bernie <zenbernie at gmail.com> wrote:

> As someone who formerly did fed government contract with multiple
> agencies, I've never seen split tunneling allowed on VPNs. Just one man's
> experience, I know.
>
>
> On Wed, Dec 4, 2013 at 9:05 AM, Matthew Huff <mhuff at ox.com> wrote:
>
>> I can't speak to the general aspect, but a close friend is a senior IT
>> admin at the IRS.
>>
>> At a minimum to vpn:
>>
>> 1) Has to use a work provided laptop
>> 2) Uses two factor authentication
>> 3) Is completely locked down
>> 4) No split tunneling
>>
>> He doesn't have access to IRS files, so I expect this is general practice
>> for all IRS employees and is mandated.
>>
>> ----
>> Matthew Huff             | 1 Manhattanville Rd
>> Director of Operations   | Purchase, NY 10577
>> OTA Management LLC       | Phone: 914-460-4039
>>
>> > -----Original Message-----
>> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf
>> Of Herro91
>> > Sent: Tuesday, December 03, 2013 8:45 PM
>> > To: Cisco-nsp; Juniper-Nsp
>> > Subject: [c-nsp] Split tunneling on government networks
>> >
>> > Hello,
>> >
>> > I am doing some research regarding whether government agencies generally
>> > are for or against enabling split tunnels for their teleworkers?
>> >
>> > There are many pros and cons to both approaches, but trying to get a
>> feel
>> > from the community.
>> >
>> >
>> > Thanks!
>> > _______________________________________________
>> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>


More information about the cisco-nsp mailing list