Let's assume:
- I allow all of my VPN users to connect to various internal services (VPN's IP is allow listed)
- My VPN will be connected to a 3rd party network via IPSec Site-2-Site Tunnel. The purpose of this tunnel is to allow my users to securely access resources (at least FTP) of a 3rd party.
Question 1: Does this new connection compromise my VPN? Specifically, does it mean that now any client connected on the new end of the tunnel will gain access to my internal services?
Question 2: If yes, are there any generic guardrails I need to implement, or will it depend specifically on the capabilities of my VPN provider?
Edit: in other words, the question is if IPsec tunnel can be unidirectional or is always bidirectional once opened I need to "firewall" it?