Cisco Support Community

New Member

SSL VPN Encryption on TCP ports


I have a question regarding the SSL VPN encryption on the SA-520.

When I set up SSL VPN or Port Forwarding, is all data on all allowed ports encrypted through the SSL tunnel no matter what application I use to access it?

For example, let's say I allow access to port 21 through my SSL VPN connection, through either VPN or Port Forwarding. Is the traffic to and from port 21, accessed through my FTP client, encrypted in the SSL tunnel, or do I need to set up encryption on the FTP server to ensure encryption of the traffic?

I have a friend who believes that only traffic accessed through the web browser is encrypted through the SSL tunnel.

Is there any difference in the way this works if I use VPN or Port Forwarding, except that I get a local IP for VPN?

Thanks, regards Artur

New Member

Re: SSL VPN Encryption on TCP ports

Hi Artur,

That is correct. Once you choose port forwarding, all the data sent from the remote user will be re-routed to the SSL VPN gateway to the predefined application. It is not limited to the Web application. For example, once you have the SSL VPN tunnel up, you can use FTP from the Windows command prompt to transfer data to/from your FTP server behind the SA500 gateway through the tunnel.

Port forwarding only works on a predefined application (predefined port). However, if you are using VPN, all data will be routed through the tunnel.



New Member

Re: SSL VPN Encryption on TCP ports

Thanks for your answer. I also assume that in your answer lies that all data, also from outside the Web application, is encrypted through the VPN tunnel? Just to be 100% certain about this. Thanks again.

New Member

Re: SSL VPN Encryption on TCP ports

Yes, as long as you don't define an SSL VPN policy to restrict the access to a particular network resource behind the SA500, all the data should go through the tunnel. That includes non-web based applications running on your PC.
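A way to check the question in this thread on the wire, as an added example that is not part of the original posts: classify TCP payloads captured on the client's WAN side as TLS records or cleartext FTP. It assumes the payload bytes were already extracted from a capture and that the tunnel appears as TLS records; the flow labels, addresses and sample bytes are constructed, and `classify` and `audit` are hypothetical helper names.

```python
import struct

# Cleartext FTP control-channel verbs (all four bytes long).
FTP_VERBS = (b"USER", b"PASS", b"PORT", b"PASV", b"RETR", b"STOR", b"LIST", b"QUIT")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def parse_tls_record(payload: bytes):
    """Return (content_type, length) if payload begins with a plausible TLS record header."""
    if len(payload) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # Record-layer version is 3.0..3.3 on the wire; ciphertext is at most 2^14 + 2048 bytes.
    if ctype in TLS_TYPES and major == 3 and minor <= 3 and 0 < length <= 16384 + 2048:
        return TLS_TYPES[ctype], length
    return None

def looks_like_cleartext_ftp(payload: bytes) -> bool:
    """True for an FTP reply line ("220 ...", "230-...") or a known command verb."""
    line = payload.split(b"\r\n", 1)[0]
    if len(line) >= 4 and line[:3].isdigit() and line[3:4] in (b" ", b"-"):
        return True
    return line[:4].upper() in FTP_VERBS

def classify(payload: bytes) -> str:
    record = parse_tls_record(payload)
    if record:
        return "tls:" + record[0]
    if looks_like_cleartext_ftp(payload):
        return "cleartext-ftp"
    return "unknown"

def audit(flows: dict) -> list:
    """Return the labels of flows that carried any cleartext FTP payload."""
    return sorted(label for label, payloads in flows.items()
                  if any(classify(p) == "cleartext-ftp" for p in payloads))

# Constructed sample: one FTP session sent directly, one sent through a TLS tunnel.
SAMPLE_FLOWS = {
    "client -> 198.51.100.10:21 (direct)": [b"220 Service ready\r\n", b"USER demo\r\n"],
    "client -> 192.0.2.1:443 (tunnel)": [
        bytes([0x16, 3, 1, 0, 5]) + b"\x01\x00\x00\x01\x00",   # handshake record
        bytes([0x17, 3, 3, 0, 32]) + bytes(32),                # application_data record
    ],
}

if __name__ == "__main__":
    for label, payloads in SAMPLE_FLOWS.items():
        print(label, [classify(p) for p in payloads])
    print("flows exposing FTP in cleartext:", audit(SAMPLE_FLOWS))
```

A flow to port 21 that shows up in `audit` left the PC outside the tunnel, which is the case where FTP itself would need its own encryption.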