Tectia Client and ConnectSecure can be used to access Secure Shell servers on the corporate intranet from a remote location through nested tunnels. The transparent TCP tunneling feature (on Tectia ConnectSecure) is used to encrypt the application connections.
The first tunnel ends at the edge of the corporate intranet, and nested tunnels within the first tunnel continue to Tectia Servers located inside the intranet (as seen in Figure 5.1). Only one port needs to be open in the firewall. It is also possible to chain the nested tunnels within the intranet if necessary.
This helps to achieve end-to-end security without using NAT and a private IP inside the corporate network.