Problem solve Get help with specific problems with your technologies, process and projects.

What about using SSL VPN with e-mail clients?

Over the SSL VPN can you reconfigure your email client to send traffic over SSL to the e-mail server? Find out in the Q&A with expert Lisa Phifer.

I am interested in using SSL VPN with e-mail clients (Eudora, Outlook etc.). I can configure the e-mail client to send traffic over SSL to the e-mail server. But can I just relay e-mail over the SSL VPN, without reconfiguring the e-mail client? Can I use the SSL VPN as a redirector, and have it redirect traffic on standard ports (110 and 143) to SSL-enabled ports (993 and 995)? Is there a way to minimize e-mail client configuration and have the SSL VPN do the work?
Different SSL VPN products work in different ways. Some SSL VPN products proxy incoming SSL sessions to native protocol sessions with internal servers. Other SSL VPN products use SSL as a generic tunneling protocol, port-forwarding anything that arrives over the tunnel to the internal server. Your ability to use native applications and ports depends on the type of SSL VPN product that you use.

For example, if you're using an SSL VPN proxy, it may not be designed to support native e-mail client applications at all. Instead, it may be necessary to use a web portal interface to reach your e-mail server through the SSL VPN gateway. In this case there is no e-mail client reconfiguration necessary -- you simply use your browser as your e-mail client. The SSL VPN gateway is then configured to send e-mail to the port your e-mail server expects -- that is, the gateway can send plain old POP3 (110) and IMAP (143), or you can send POP3S (995) and IMAPS (993).

If you're using an SSL VPN that port-forwards native protocols over SSL, you'll probably need to reconfigure your e-mail client to send outbound traffic to localhost instead of the destination e-mail server. The SSL VPN agent running on the local host will intercept e-mail traffic and forward it over the SSL tunnel. Upon receipt, the SSL VPN gateway will forward that e-mail traffic on towards the e-mail server. In this case, whatever port the e-mail client sends traffic through will be the port the e-mail server receives traffic on.

This was last published in March 2005

Dig Deeper on Network Security Monitoring and Analysis