Tom Shinder is a highly respected subject matter expert on networking, security and a variety of products that fall into those categories. Tom joined Microsoft not long ago and I spotted one of his articles on the new TechNet Wiki. Here’s an excerpt:
DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DirectAccess IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DirectAccess clients from bringing the corporate Internet connection to its knees.
However, it has left the issue of potential risks of split tunneling in the minds of administrators who are considering DirectAccess. One option is to use “force tunneling”.
See the full article at http://social.technet.microsoft.com/wiki/contents/articles/why-split-tunneling-is-not-a-security-issue-with-directaccess.aspx. This is a great read. Feel free to add your experiences to the Wiki article. It’s the TechNet Wiki way!