I'm not sure I need to know about SSH Tunneling, but let me explain my scenario:
Up until this month, if I wanted to work from home it was easy. I used the Cisco VPN client to connect to our network and I could do anything I needed, as if I were in the office. If a port like SSH was blocked on a certain production server, I could first SSH into my work desktop and then SSH into the production server. Basically, I always SSH'd into my desktop as soon as I connected to the VPN.
Well, June rolled around and the contractor changed. Those who stayed all work for a new company. We moved our stuff down the street and we're all on a new network. We're still connected to [big gov't agency]'s network, but now the firewall rules freaking suck. The VPN has always connected right into [big gov't agency]'s network, and the [big gov't agency] could access any computer in our office with no problems. Now, in the new world, the only ports they can access are 80 and 443, and that's only if they are on a certain subnet.
I'm kind of a rookie to networking, but I've been using Linux for a few years now. That's why I need some ideas here. I can deal with the security aspects later, but I'd like to know if this is possible:
Connect to the [big gov't agency] network using Cisco VPN.
SSH to a machine in the open subnet with port 80 or 443.
SSH into my desktop machine on another subnet.
Have access to any machine in my network as if I were at my desk.
Now, this still isn't ideal. If we want to access production servers in the main [big gov't agency] network, we have to VPN in, even if we're in the office. We're still having problems because some servers don't allow connections via the VPN (a problem someone's working on, since the only access to those boxes is LOCAL, stupid firewall rules). Also, I use VMware Server for development over ports 902 and 904, and that might not work. But if I wanted to SSH into my desktop from home, could it be done?
<gripe>This is one of the problems with government agencies. They're so concerned about impressing the CIO or whoever that they lock down everything so tight that nothing can be done. I mean, aren't the Cisco VPNs with the SecurID tokens supposed to be pretty good? This contract change is making it very difficult to do the things I used to be able to do. Like I said before, some production boxes aren't accessible anymore. I used to be able to, from my desk, SSH into them and make changes or whatever. Now, AT WORK, I can't access them at all. Ugh.</gripe>
Thanks in advance!