Don't Worry, IPv6 Won't Break Your Existing IPsec VPN, Part 2
Editor's Note: For part one, click here.
Split tunneling is when a VPN user is accessing a public network and a LAN or WAN, using the same network connection. The public network, however, can pose a threat to the LAN or WAN, if it becomes vulnerable.
If IPv6 isn't available end-to-end within your enterprise, "We recommend staying with IPv4 for now," says Enders. "This is some of why IPv6 is slow to roll out. And you have to make sure all the relevant components are fully IPv6-compliant.”
Meanwhile, advises Enders, "If I were shopping for an IPsec or VPN technology, I would look for a vendor that offers a true dual-stack implementation of IPv6 and IPv4, so you are future-proofed. And the same applies when you have a refresh cycle -- make sure you are getting true native support for IPv6."
This provisioning includes any broadband gateways that home or remote users are getting, and also desktop operating systems. (Note: Both Windows 7 and MacOS include IPv6 support -- however, this does not equate to guaranteeing that applications will work with IPv6.)
Steven J. Vaughan-Nichols, editor-in-chief of Practical Technology and independent contributor to publications including IEEE Spectrum and ZDnet, says, "IPv6 will make IPsec more popular than ever. After all, IPsec runs on IPv6. So, if you're using IPsec-based VPNs today, one worry you're not going to have about migrating to IPv6 is replacing or tuning IPsec. It's already baked in."