Cisco Support Community
Community Member

Is allowing an IPSEC tunnel from my LAN secure?


I am wondering whether it is secure or insecure (and why it would be either) to allow one of my users to connect from their PC on the LAN here to an external/third party using a VPN client.

Should I be worried that the other party might take over my user's PC and/or possibly be able to access resources on our network?

kind regards,


Hall of Fame Super Gold

Re: Is allowing an IPSEC tunnel from my LAN secure?


Any time that you allow connectivity from a resource inside your network to resources outside your network there is some degree of insecurity introduced. Making that connection over an IPSec VPN reduces the degree of insecurity but does not eliminate it.

We can identify a good side and a bad side of allowing the connectivity over an IPSec VPN. The good side: the VPN will encrypt the traffic (which is probably passing over an insecure media), will authenticate the other end of the connection, assuring that the data is coming from a trusted source. It will protect against packets that were changed in transit, and against attempts to replay the traffic and other types of man-in-the-middle attacks.

The bad side: if you have a firewall protecting your network traffic, the firewall will only see encrypted traffic, which it must trust without knowing what the content is. You are opening some exposure by allowing traffic from the outside to the VPN client, and it might be possible that if the other end of the connection were compromised that it could transmit problems onto your network. So if you trust the other end of the connection you should be fine, but if you do not trust the other end of the connection then there could be problems.

In general I would say that connecting over VPN is safer than connecting over clear text. But there is a certain degree of risk in allowing connections over VPN.
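An added example, not part of the original thread: because the firewall cannot inspect what is inside the tunnel, one control that remains is knowing which LAN hosts open IPsec tunnels to which outside peers. The sketch below scans flow records for IKE (UDP/500), NAT-T (UDP/4500), ESP (IP protocol 50) and AH (IP protocol 51) leaving the LAN and reports peers that are not on an approved list. The CSV layout, the LAN range, the allowlist and all addresses are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample flow records (documentation addresses, not real data).
SAMPLE_FLOWS = """src,dst,proto,dport
10.1.20.15,198.51.100.7,udp,500
10.1.20.15,198.51.100.7,udp,4500
10.1.20.15,198.51.100.7,esp,0
10.1.30.22,203.0.113.40,udp,4500
10.1.30.22,192.0.2.80,tcp,443
10.1.40.9,10.1.1.1,udp,500
"""
# Assumed internal range and hypothetical allowlist of trusted third-party gateways.
LAN = ipaddress.ip_network("10.1.0.0/16")
APPROVED_PEERS = {ipaddress.ip_address("198.51.100.7")}

def ipsec_kind(proto, dport):
    """Map a flow's protocol/port to an IPsec component, or None if unrelated."""
    proto = proto.lower()
    if proto in ("esp", "50"):
        return "ESP"
    if proto in ("ah", "51"):
        return "AH"
    if proto in ("udp", "17") and dport in (500, 4500):
        return "IKE" if dport == 500 else "NAT-T"
    return None

def outbound_ipsec(flows_csv, lan=LAN, approved=APPROVED_PEERS):
    """Return {(src, dst): {"kinds": set, "approved": bool}} for LAN-to-outside IPsec."""
    tunnels = {}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        kind = ipsec_kind(row["proto"], int(row["dport"]))
        # Only flows that start inside the LAN and terminate outside it matter here.
        if kind is None or src not in lan or dst in lan:
            continue
        entry = tunnels.setdefault((str(src), str(dst)),
                                   {"kinds": set(), "approved": dst in approved})
        entry["kinds"].add(kind)
    return tunnels

def unapproved(tunnels):
    """List (src, dst) pairs whose remote peer is not on the allowlist."""
    return sorted(pair for pair, info in tunnels.items() if not info["approved"])

if __name__ == "__main__":
    for src, dst in unapproved(outbound_ipsec(SAMPLE_FLOWS)):
        print(f"unapproved IPsec peer: {src} -> {dst}")
```

UDP/4500 is only a candidate indicator, since the port number alone does not prove the payload is IPsec.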


