I wonder if the original poster can tell us a bit more about the environment. In particular I would like to know if the video conferencing units are using unicast or are using multicast? If they are using multicast then that is the problem since IPSec is for unicast IP traffic and does not pass multicast.
The general answer to the question of whether a VPN tunnel is wide open is that it depends on how the VPN tunnel was set up. In setting up the VPN tunnel there is something that defines what traffic will be protected by the VPN. Typically it is defined in terms of any ip traffic from a set of sources to a set of destinations (identifying the source subnet and the destination subnet) and that does produce a wide open tunnel. But it is possible to configure the tunnel so that only certain types of traffic are protected or to deny certain types of traffic and allow everything else.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...