

DirectAccess and Split Tunneling

When you configure the UAG DirectAccess server solution, it automatically configures Group Policy so that clients connect to the intranet over the DirectAccess IPsec tunnels but connect to the Internet using the local NIC settings. That is to say, the client connects directly to the Web server over its current Internet connection and does NOT send the request over the DirectAccess IPsec tunnels.

Split Tunneling is something that VPN admins worry about a lot, and for that reason they're concerned about the effects it might have on a DirectAccess solution. These are good questions to ask, and after looking at the facts, I think you'll agree that Split Tunneling is a non-issue for DirectAccess clients, at least to the extent that there appears to be little difference from a security perspective (from the corpnet point of view) whether the DA client is configured to enable split tunneling or not.

For the details of that analysis, check out my article on "The Edge Man" blog over at http://blogs.technet.com/tomshinder/archive/2010/03/30/more-on-directaccess-split-tunneling-and-force-tunneling.aspx

Also, check out these resources for more information on Force Tunneling:

Configure Force Tunneling:
http://technet.microsoft.com/en-us/library/ee649127(WS.10).aspx

Choose an Internet Traffic Separation Design:
http://technet.microsoft.com/en-us/library/ee382262(WS.10).aspx

Review DirectAccess Concepts:
http://technet.microsoft.com/en-us/library/ee382279(WS.10).aspx