VPN Access for Support

This section explains how to enable Exasol support access to your system using VPN.

To enable support access over VPN, you must configure a site-to-site VPN tunnel. This is an IPSec tunnel with two phases:

  • Phase 1: AES 256 / SHA-256 / DH Group 14: MODP 2048; Lifetime: 7800 seconds
  • Phase 2: AES 256 / SHA-256 / PFS Group 14: MODP 2048; Lifetime: 3600 seconds

Exasol supports the Internet Key Exchange version 1 (IKEv1) protocol.

To enable all maintenance tasks, make the following services/ports accessible on the public IP addresses of the cluster and the LOM (if applicable):

  • TCP port 8563 (database access)
  • TCP port 20002 (SSH access to cluster nodes)
  • TCP port 443 (HTTPS access to Administration API and LOM web interface)
  • ICMP ECHO REQUEST/REPLY (ping)
  • UDP port 123 (NTP)