Tunneling, or port forwarding, is a way of forwarding otherwise unsecured TCP traffic through SSH Tectia. You can secure for example POP3, SMTP, and HTTP connections that would otherwise be unsecured.

The tunneling capability of SSH Tectia is a feature that allows, for example, company employees to access their e-mail, company intranet pages and shared files securely even when working outside the office.

SSH Tectia Connector supports transparent application tunneling. There is no need to configure application software to use local hosts or ports in order to set up the tunnels. The applications to be tunneled are defined in the configuration.

SSH Tectia Client supports static application tunneling, which means that the tunneled applications need to be defined on the basis of the TCP ports they use. Applications with dynamic ports are not supported.

Tunneling makes it possible to access e-mail from any type of Internet service, whether accessed via modem, GPRS, 3G, a DSL line or a cable connection, or a hotel Internet service. As long as the users have a TCP/IP connection to the Internet, they can get their e-mail and access other resources from anywhere in the world securely.

This is often not the case with more traditional IPSec based VPN technologies because of issues with traversing networks that implement Network Address Translation (NAT). This is especially the case in hotels. NAT breaks an IPSec connection unless special protocols such as NAT-Traversal are implemented on the client and gateway. A hardware gateway is usually also needed.

The client-server applications using the tunnel, carry out their own authentication procedures, if any, the same way they would without the encrypted tunnel.