Tunneling Explained
Tunneling, or port forwarding, is a way to forward otherwise
insecure TCP traffic through SSH Secure Shell for Workstations. You can secure,
for example, POP3, SMTP and HTTP connections that would
otherwise be insecure - see Figure Encrypted SSH2 tunnel.
Figure: Encrypted SSH2 tunnel
The tunneling capability of SSH Secure Shell for Workstations is a feature that
allows, for example, company employees to access their email,
company intraweb pages and shared files securely, even when
working from home or on the road.
Tunneling makes it possible to access email from any type of
Internet service (whether accessed via modem, a DSL line or a
cable connection, or a hotel Internet service). As long as the
user has an IP connection to the Internet she can get her mail
and access other resources from anywhere in the world securely.
This is often not the case with more traditional IPSec-based
VPN technologies because of issues with traversing networks
that implement Network Address Translation (NAT) - this
is especially the case in hotels. NAT breaks an IPSec
connection unless special protocols such as NAT-Traversal are
implemented on the client and gateway.
The client-server applications using the tunnel will carry out
their own authentication procedures, if any, the same way they
would without the encrypted tunnel.
The protocol/application might only be able to connect to a
fixed port number (e.g. IMAP 143). Otherwise any available
port can be chosen for port forwarding.
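
The forwarding mechanics behind the two points above, as an added example (not code from SSH Secure Shell for Workstations): a loopback listener on any available port relays each connection to the service's fixed port, and the application's own login passes through unchanged. It is a plain TCP relay, so the encrypted SSH leg between client and server is left out. The mail stub, its credentials and all function names are constructed for illustration.

```python
import socket
import threading
def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # either side has already gone away

def relay(client, dest):
    """Join one accepted client to a new connection to the fixed service port."""
    with client, socket.create_connection(dest) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()

def serve(handler, *args, port=0):
    """Listen on 127.0.0.1 only (port 0 = any available port); return the port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", port))
    sock.listen()
    def loop():
        while True:
            conn, _ = sock.accept()
            threading.Thread(target=handler, args=(conn, *args), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return sock.getsockname()[1]

def mail_stub(conn):
    """Constructed stand-in for a mail server that does its own login check."""
    with conn, conn.makefile("rb") as f:
        conn.sendall(b"* OK stub ready\r\n")
        ok = f.readline().strip() == b"a1 LOGIN alice s3cret"
        conn.sendall(b"a1 OK\r\n" if ok else b"a1 NO\r\n")

def login_via(port, line):
    """Act as the mail client: read the greeting, send a login, read the reply."""
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rb") as f:
        greeting = f.readline().strip()
        s.sendall(line + b"\r\n")
        return greeting, f.readline().strip()

if __name__ == "__main__":
    mail_port = serve(mail_stub)  # the "fixed" service port
    local_port = serve(relay, ("127.0.0.1", mail_port))  # the forwarded local port
    print(local_port, login_via(local_port, b"a1 LOGIN alice s3cret"))
```

The listener binds to 127.0.0.1 only, so the forwarded port is reachable from the local machine and not from other hosts on the network.
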
Tunneling settings are configured using the Tunneling
page of the Settings dialog - for more information on
configuration settings, see Section Tunneling.