Barracuda Networks SSL VPN, Руководство администратора

Страница: 51 / 124

Resources 51
SSL Tunnels
SSL Tunnels allow for ad-hoc connections to be made between networked computers. An SSL Tunnel
is simply a connection between two TCP enabled components where all of the data transmitted over
a tunnel is encrypted using the SSL protocol.
For example, a user may wish to create a secure tunnel to a Microsoft terminal server. First of all, an
administrator configures a new SSL Tunnel that uses 63389 as its source port and
example.company.com:3389 as the destination. The user may then activate this tunnel and then run a
locally installed RDP application, specify localhost as the hostname and 63389 as the port and all
traffic will then be secured.
The same technique may be used for a number of different applications and protocols. A common use
of tunnels is to secure the SMTP / POP protocols used for email access. In short, anything that uses
TCP/IP client / server architecture will usually be able to be secured in this manner.
There are two types of tunnel:
• Local : A local (outgoing) tunnel protects TCP connections that your local computer forwards
from a specified local port to a specified port on the SSL VPN that you are connected to. To use
the tunnel, the application to be tunneled is set to connect to the local listener port. The
connection beyond the SSL VPN is not secure. Other computers will not be able to use the
tunnel if localhost is specified as the source port. If the source port has been set to your network
IP address then other computers on the local network will be able to access the tunnel.
• Remote : A remote (incoming) tunnel protects TCP connections that are forwarded from the
SSL VPN to a specified port on your computer. If the connection is forwarded beyond your
computer that part of the connection is not secure.