This chapter shows how to set up easy application tunneling with pre-configured static tunnels for secure e-mail server access.
Tunneling, or port forwarding, is a way of forwarding otherwise unsecured TCP traffic through SSH Tectia. For example, you can secure POP3, SMTP, and HTTP connections that would otherwise be unsecured.
The tunneling capability of SSH Tectia is a feature that allows, for example, company employees to access their e-mail, company intranet pages and shared files securely even when working outside the office.
Tunneling makes it possible to access e-mail from any type of Internet service, whether accessed via modem, GPRS, 3G, a DSL line or a cable connection, or a hotel Internet service. As long as the users have a TCP/IP connection to the Internet, they can get their e-mail and access other resources from anywhere in the world securely.
SSH Tectia makes it possible to use tunneling even without any client running. The SSH Tectia Connection Broker takes care of the tunneling in the background. The Connection Broker opens all defined static tunnels at start-up and asks the user to enter the password or passphrase. If the connections are authenticated with public keys that have empty passphrases, the user does not need to take any action.
Note: The client-server applications using the tunnel will carry out their own authentication procedures (if any) the same way they would without the encrypted tunnel.
Local (outgoing) tunnels protect TCP connections that your local computer forwards from a specified local port to a specified port on the remote host computer you are connected to. It is also possible to forward the connection beyond the remote host computer, but the connection is encrypted only between SSH Tectia Client and SSH Tectia Server.
Figure 6.1 shows an example where the Secure Shell server resides in the DMZ network. The connection is encrypted from the Secure Shell client to the Secure Shell server and continues unencrypted within the corporate network to the IMAP server.
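The encrypted and unencrypted legs described above can be checked mechanically for a list of planned tunnels. The following is an added example, not part of the SSH Tectia documentation; the `listen_port:dst_host:dst_port` notation, the function names and the host names are assumptions made for illustration and are not SSH Tectia configuration syntax.

```python
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1"}
# Protocols named on this page and their default cleartext ports.
CLEARTEXT_PORTS = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}


@dataclass(frozen=True)
class Tunnel:
    ssh_server: str   # host running the Secure Shell server
    listen_port: int  # local port the application connects to
    dst_host: str     # destination as seen from the Secure Shell server
    dst_port: int


def parse_tunnel(ssh_server, spec):
    """Parse 'listen_port:dst_host:dst_port' (hypothetical notation, no IPv6)."""
    listen_port, dst_host, dst_port = spec.split(":")
    return Tunnel(ssh_server, int(listen_port), dst_host, int(dst_port))


def legs(t):
    """Return (from, to, encrypted_by_ssh) for each network leg of the tunnel."""
    result = [("client", t.ssh_server, True)]
    # The destination is reached from the server, so loopback means the server itself.
    if t.dst_host not in LOOPBACK and t.dst_host != t.ssh_server:
        result.append((t.ssh_server, t.dst_host, False))
    return result


def findings(t):
    """Describe every network leg that is outside the SSH-encrypted channel."""
    proto = CLEARTEXT_PORTS.get(t.dst_port, f"port {t.dst_port}")
    return [f"{proto} traffic is not SSH-encrypted between {src} and {dst}"
            for src, dst, encrypted in legs(t) if not encrypted]


# Constructed sample definitions; all host names are placeholders.
SAMPLES = [
    ("ssh.dmz.example.com", "143:imap.corp.example.com:143"),  # layout of Figure 6.1
    ("mail.example.com", "110:localhost:110"),  # POP3 service on the SSH server host
]

if __name__ == "__main__":
    for server, spec in SAMPLES:
        for line in findings(parse_tunnel(server, spec)) or ["no unencrypted network leg"]:
            print(f"{spec} via {server}: {line}")
```

A finding means the application's own authentication, which the tunnel does not change, crosses that leg exactly as it would without the tunnel.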