In some cases it can be useful to enable temporary remote access to a station within a LAN, e.g. via HTTP (TCP port 80) or TELNET (TCP port 23). For example, if questions come up concerning network devices such as a LANCOM VP-100, the Support department is best able to assist with direct access to the device in the customer's LAN. The standard method for accessing LAN devices via inverse masquerading (port forwarding) sometimes requires a special configuration of the firewall—changes are made which, if they are not deleted again afterwards, can represent a security risk.
As an alternative to permanent access which is based on port forwarding, a temporary remote-maintenance access can be set up that automatically closes again after certain periods of inactivity. To this end, a support staff member requiring access to a device in the customer's network, for example, creates a "TCP/HTTP" tunnel using TCP port 80 to provide this access.