Cisco Support Community
Community Member

Is a VPN tunnel wide open?


My question is: is a VPN tunnel wide open by default?

That is, are there any ports and/or rules restricting traffic from traversing the VPN tunnel?

I have created tunnels using both EASY VPN and site-to-site VPN successfully. I am able to use http, ftp, e-mail (Lotus Notes), PCanywhere, and ping successfully as well.

What I'm not able to do is use my video conferencing units across the tunnel (one at each end of the tunnel).

I am using a PIX 506E to connect to a 3005 VPN concentrator.

Thanks in advance for your help!

Community Member

Re: Is a VPN tunnel wide open?

You should post your configs, but it sounds more than likely you already have a static NAT translation for your video equipment at one or other end, which will mess with the VPN routing?

That's the most likely reason I can think of.

Hall of Fame Super Gold

Re: Is a VPN tunnel wide open?

I wonder if the original poster can tell us a bit more about the environment. In particular I would like to know if the video conferencing units are using unicast or are using multicast? If they are using multicast then that is the problem since IPSec is for unicast IP traffic and does not pass multicast.

The general answer to the question of whether a VPN tunnel is wide open is that it depends on how the VPN tunnel was set up. In setting up the VPN tunnel there is something that defines what traffic will be protected by the VPN. Typically it is defined in terms of any ip traffic from a set of sources to a set of destinations (identifying the source subnet and the destination subnet) and that does produce a wide open tunnel. But it is possible to configure the tunnel so that only certain types of traffic are protected or to deny certain types of traffic and allow everything else.
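
Added example, not part of the original thread or anyone's posted config: how the "wide open" and restricted cases described above can look on a PIX running 6.x software. The subnets, host address, ACL names and crypto map name are assumed placeholders, and only the lines relevant to traffic selection are shown.

```cisco
! Constructed example, PIX OS 6.x syntax. All addresses and names are placeholders.
! Local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24.

! --- Wide open: any IP protocol and port between the two subnets ---
! The crypto ACL defines which traffic the tunnel protects.
access-list VPN-TRAFFIC permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map SITE-MAP 10 ipsec-isakmp
crypto map SITE-MAP 10 match address VPN-TRAFFIC
! Exempt the same traffic from NAT so translation does not change
! the addresses before the crypto ACL is matched.
nat (inside) 0 access-list VPN-TRAFFIC
! Decrypted tunnel traffic bypasses the interface access lists.
sysopt connection permit-ipsec

! --- Restricted: same crypto ACL, but decrypted traffic is filtered ---
! Without the sysopt, traffic arriving through the tunnel must be
! permitted by the access list bound to the outside interface.
no sysopt connection permit-ipsec
access-list OUTSIDE-IN permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq www
access-list OUTSIDE-IN permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq ftp
access-list OUTSIDE-IN deny ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-group OUTSIDE-IN in interface outside
```

Only one access list can be bound inbound to an interface, so on a unit that already has an outside ACL the permit and deny lines go into that list rather than a new one.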



Community Member

Re: Is a VPN tunnel wide open?

Problem Resolved!

After asking the manufacturer, the video conferencing units use UNICAST only!

The problem was the Video conferencing units used AES encryption. Once I disabled the AES encryption, I was able to establish a video conferencing session successfully.

Now I do not have an encrypted video conferencing session, but I do have an encrypted tunnel across my VPN.

Thanks again to all those who helped steer me in the right direction!

