VPN Access for Support
This section explains how to enable Exasol support access to your system using VPN.
To enable support access over VPN, you must configure a site-to-site VPN tunnel. This is an IPSec tunnel with two phases:
- Phase 1: AES 256 / SHA-256 / DH Group 14: MODP 2048; Lifetime: 7800 seconds
- Phase 2: AES 256 / SHA-256 / PFS Group 14: MODP 2048; Lifetime: 3600 seconds
Exasol supports the Internet Key Exchange version 1 (IKEv1) protocol.
To enable all maintenance tasks, make the following services/ports accessible on the public IP addresses of the cluster and the LOM (if applicable):
- TCP port 8563 (database access)
- TCP port 20002 (SSH access to cluster nodes)
- TCP port 443 (HTTPS access to Administration API and LOM web interface)
- ICMP ECHO REQUEST/REPLY (ping)
- UDP port 123 (NTP)