3 comments

[ 4.8 ms ] story [ 19.5 ms ] thread
Cisco IPSec endpoints are more than capable of split horizon (split-DNS too) without having to bodge it on the client side.

If it isn't configured then netsec doesn't want split horizon. There is likely a company policy that if you are attached to their network, you are only attached to their network.

Yes, this is a company policy. The method just a way to subvert that
And if it's worth its salt will disconnect you once it sees the routing change.