Configure VPN Tunnel Access for Support

If you have chosen Exasol support through VPN, you have to configure a site-to-site VPN tunnel. This is an IPSec tunnel with two phases:

  • Phase 1: AES 256 / SHA-256 / DH Group 14: MODP 2048; Lifetime: 7800 seconds
  • Phase 2: AES 256 / SHA-256 / PFS Group 14: MODP 2048; Lifetime: 3600 seconds

Exasol supports Internet Key Exchange version 1 (IKEv1) protocol.

For all the maintenance tasks, the following services / ports should be accessible on the cluster's public and LOM IP address:

  • TCP/20 (SSH)
  • TCP/22 (Cluster-SSH)
  • TCP/443 (HTTPS access to EXAoperation and the LOM web interface)
  • UDP/123 (NTP)
  • 161 TCP/UDP (SNMP Monitoring only for Appliances)

    This port is required if you have booked Exasol's Monitoring Service. To know more about monitoring, see Create Monitoring Services.

  • TCP/8563 (for the database)