• I have a wireless ADSL router at home and use the Cisco VPN client on my PC to get to company resources. My question is, when you have a VPN connection up, does all the traffic go through the tunnel to that destination first, and then to the internet from there, or is only the traffic to the company resources put into the VPN tunnel, and the rest goes unencrypted through the router to my ISP?
    There is a stat window on the VPN sw that counts packets encrypted, decrypted, discarded and bypassed. When I access internet sites the bypassed number goes up a lot, when I access the company's email the encrypted/decrypted goes up a lot. This makes me think that there is selection as to what goes through the tunnel. But if this is the case, then my wireless traffic to an internet site, if I use a public hotspot, would not be secure, right?


  • If I remember correctly, that client adds specific routes to your routing table (just check for any differences in your routing table while connected and then disconnected to confirm). That way company internal resources are routed through the VPN and other traffic will bypass the tunnel. If you want to secure other forms of communication to external sources while at a hotspot, you would need to have an "internal proxy server" inside your company to accept connections and send them to the destination. This way your traffic traverses the tunnel rather than routing on the open internet. SSH port forwarding or using stunnel to a trusted server may also be an option for some applications. I would bring up your concerns with your IT security group to see what options may be available to you.
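
The routing-table comparison suggested in the reply above, as an added example that is not part of the original thread: it diffs two route snapshots and applies longest-prefix matching to show which destinations enter the tunnel. The route tables, the interface names `wlan` and `vpn`, and all prefixes are constructed sample values; route metrics are ignored.

```python
import ipaddress

# Constructed snapshots: (destination prefix, interface) pairs as they would be
# copied from the routing table before and after the VPN client connects.
ROUTES_DISCONNECTED = [
    ("0.0.0.0/0", "wlan"),
    ("192.168.1.0/24", "wlan"),
]
ROUTES_CONNECTED = ROUTES_DISCONNECTED + [
    ("10.0.0.0/8", "vpn"),       # assumed company prefixes pushed by the client
    ("172.16.40.0/24", "vpn"),
]

def added_routes(before, after):
    """Routes that exist only while the VPN is up."""
    seen = set(before)
    return [route for route in after if route not in seen]

def egress_interface(routes, destination):
    """Pick the interface by longest-prefix match, as the IP stack does."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_mode(before, after, vpn_iface="vpn", probe="203.0.113.10"):
    """'full' if an internet address (probe, a documentation IP) leaves via the
    VPN, 'split' if only specific prefixes do, 'none' if nothing was added."""
    if egress_interface(after, probe) == vpn_iface:
        return "full"
    if any(iface == vpn_iface for _, iface in added_routes(before, after)):
        return "split"
    return "none"

if __name__ == "__main__":
    print("added:", added_routes(ROUTES_DISCONNECTED, ROUTES_CONNECTED))
    print("mode:", tunnel_mode(ROUTES_DISCONNECTED, ROUTES_CONNECTED))
    for dst in ("10.1.2.3", "203.0.113.10"):
        print(dst, "->", egress_interface(ROUTES_CONNECTED, dst))
```

A result of `split` matches the behaviour described in the question: company prefixes are encrypted, while internet-bound traffic leaves directly over the wireless link and is counted as bypassed.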

