Cisco AnyConnect VPN and Gmail account
31/10/2020 11:09:24
General information
Forum: Windows
Category: Security
Miscellaneous
Thread ID: 01676831
Message ID: 01676891
Views: 18
It would be - IMHO - time spent on an activity with a very small return. Speaking about technical things, there are many more important tasks.
Thanks for the input.

>If your machine is beefy enough on the RAM and core side, creating a special VM just for such tasks is a valid option. Should clean up such problems.
>
>regards (from the paranoid side)
>thomas
>
>>Thank you very much for the detailed message. I am in awe of your knowledge! So far, what I decided to do (before the customer IT can assure me that the split tunneling is set according to my needs) is to close Outlook whenever I have to do something on their network. That way, Google won't complain.
>>
>>
>>>When a VPN server is configured, the admin has a choice whether to enable so-called "split tunneling": https://en.wikipedia.org/wiki/Split_tunneling. In a nutshell:
>>>
>>>- if split tunneling is enabled, then only network traffic destined for your customer's subnet will go through the VPN tunnel. In your case, traffic from your computer to Gmail would go directly from your computer to Gmail, which is what Gmail would be expecting and would consider normal
>>>
>>>- if split tunneling is disabled, ALL internet traffic is forced to go through the VPN connection. In this scenario your Gmail traffic would first go to your customer's VPN server and be routed from there to Gmail. Gmail would detect that the traffic is effectively coming from a different IP and would rightly alert you to the unexpected behaviour
>>>
>>>Some companies disable split tunneling for several reasons including:
>>>
>>>- it can be more secure
>>>- companies can use it to monitor internet usage by remote/work-at-home employees
>>>
>>>The major technical downside to disabling split tunneling is it puts a lot of stress on the VPN server's bandwidth. If you start watching a YouTube video, all that traffic has to go through the VPN. Multiply that by a bunch of remote users and it can bring the VPN network connection to its knees.
>>>
>>>From the VPN servers I've seen, enabling or disabling split tunneling is a decision made by the VPN server admin. That said, it's not impossible that the server might be configured to let the client decide which to use, and there might be a setting in your AnyConnect VPN client to enable split tunneling.
>>>
>>>It sounds like split tunneling has been disabled on that particular VPN, at least for you. You probably want it to be enabled:
>>>
>>>- you don't want all your traffic going through the customer's VPN
>>>- they don't want all your non-customer traffic hogging up their bandwidth
>>>
>>>If you have an option to enable split tunneling in the settings of your AnyConnect VPN client you could use that. If you don't, you'll need to contact the VPN admin and ask them to enable it for your connection.
>>>
>>>Some background at https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html (mainly for admins).
>>>
>>>One thing to be wary of: if split tunneling is enabled, then your computer's IPv4 subnet must be different from your customer's. You can check your IPv4 address by running "ipconfig" in a CMD window. As an example, suppose your IPv4 address is 192.168.1.100. Your IPv4 subnet is the first 3 octets, "192.168.1" or in CIDR notation 192.168.1.0/24.
>>>
>>>Now suppose a customer server you're remoting into has the address 192.168.1.10. This has the same 192.168.1.0/24 subnet as your computer i.e. there's a subnet conflict. With split tunneling enabled, your computer won't know which network to go to in order to reach the customer server - it's ambiguous. In most cases your LAN connection will be preferred, so apps such as RDP won't even try to go out through the VPN to get to that server. The VPN may appear to be connected (if duplicate routes are allowed) but it won't work (or work reliably) for most applications.
>>>
>>>However, if you change your IPv4 subnet to something different e.g. 192.168.57.0/24, split tunnel VPN will work fine. Your computer will know that the only route to get to the server on the 192.168.1.0/24 subnet is via the VPN (i.e. not ambiguous).
>>>
>>>In some cases VPN with split tunneling disabled will work even if there's an IPv4 subnet conflict, as all traffic is being forced through the VPN anyways. Even so, it's still a bad idea to have an IPv4 subnet conflict; it will likely cause weird networking behaviour or performance issues.
>>>
>>>If required you can change your local IPv4 subnet in your router configuration - usually by changing the LAN IP of the router itself.
>>>
>>>>Hi,
>>>>
>>>>I connect to several of my customers using Cisco AnyConnect VPN. And no problems.
>>>>
>>>>Yesterday, a new customer (actually the customer is old but they decided to grant me access to their network via VPN) provided me with the URL, username, password, and DUO (for mobile phone) account. So, I connected, no problem.
>>>>
>>>>But as soon as I connected, my Outlook started prompting me to enter a password for my Gmail accounts (I actually have 3 Gmail accounts). And later I received a message from Google that "Google prevented a suspicious attempt to sign in to your account using your password." Clearly it has something to do with the new VPN connection. As soon as I disconnected from the VPN, the emails started to come in and the problem was gone.
>>>>
>>>>Why do you think (or what is different between this VPN and other VPNs) and what prompted the issue with logging into Gmail accounts?
>>>>
>>>>TIA
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W. Somerset Maugham
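
The subnet-conflict check described in the quoted reply above, as an added example that is not part of the original thread: it reads the address and subnet mask from `ipconfig` output and reports any local network that overlaps a route sent through the VPN. The `ipconfig` sample, the tunnel routes and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

_ADDR = re.compile(r"IPv4 Address[ .]*:\s*([\d.]+)")
_MASK = re.compile(r"Subnet Mask[ .]*:\s*([\d.]+)")


def local_networks(ipconfig_text):
    """Return the IPv4 network of every adapter that has an address."""
    nets, addr = [], None
    for line in ipconfig_text.splitlines():
        if m := _ADDR.search(line):
            addr = m.group(1)
        elif (m := _MASK.search(line)) and addr:
            # Use the reported mask rather than assuming the first three octets.
            nets.append(ipaddress.ip_interface(f"{addr}/{m.group(1)}").network)
            addr = None
    return nets


def find_conflicts(ipconfig_text, tunnel_routes):
    """Pair each local network with every split-tunnel route it overlaps."""
    routes = [ipaddress.ip_network(r, strict=False) for r in tunnel_routes]
    return [(str(lan), str(rt))
            for lan in local_networks(ipconfig_text)
            for rt in routes if lan.overlaps(rt)]


if __name__ == "__main__":
    # Hypothetical routes a customer VPN might push for split tunneling.
    routes = ["192.168.1.0/24", "10.20.0.0/16"]
    for lan, route in find_conflicts(SAMPLE_IPCONFIG, routes):
        print(f"conflict: local {lan} overlaps tunnel route {route}")
```

Comparing networks with `overlaps` also catches a wider tunnel route such as 192.168.0.0/16, which a first-three-octets comparison would miss.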