There are two types of tunnels that can be defined for application tunneling, incoming (or remote) tunnels and outgoing (or local) tunnels.

Incoming (remote) tunnels protect TCP connections that a remote host forwards from a specified remote port to a specified port on your local computer.

Outgoing (local) tunnels protect TCP connections that your local computer forwards from a specified local port to a specified port on the remote host computer you are connected to. It is also possible to forward the connection beyond the remote host computer, but the connection is encrypted only between SSH Tectia Client and SSH Tectia Server.

Incoming Tunnel (Remote Tunnel)

SSH Tectia Client also supports incoming (remote) tunnels.

X11 tunneling is a special case of remote tunneling and a built-in functionality of the product. SSH Tectia Client initiates a connection, and an incoming tunnel is created for an X11 graphic connection. See Figure 4.9.

Figure 4.9. Incoming tunnel for X11 connections

Outgoing Tunnel (Local Tunnel)

SSH Tectia Client/Connector connects to an e-mail server within the corporate network. An outgoing (local) tunnel is created from SSH Tectia Client/Connector to SSH Tectia Server on the perimeter of the network as in Figure 4.10. The connection from SSH Tectia Server to the IMAP server is unencrypted.

Figure 4.10. Outgoing tunnel (local tunnel)