How to properly secure rsync traffic from onsite ReadyNAS to offsite ReadyNAS

OK, I am trying to set up my first offsite backup, and right now both boxes are in the same building rsyncing nightly without encryption (obviously)... Now I want to be ready when I take it offsite and not have to poke at it for days to get it to work... I want to make sure it is working beforehand... I have a little experience with stunnel but next to none with Linux/Unix commands... not to mention I don't have all the options most people have because I am using the rsync feature native to the ReadyNAS boxes... So my thought was to run stunnel on the local server and point the local NAS to the internal server running stunnel and have it redirect to a secure port. Then on the other end I have an ISA 2006 firewall and I will have the box behind it... Now I can't change the port the ReadyNAS listens on (to my knowledge), so how would I make the redirection back to the normal rsync port of 873 so it will send it to the box on my network? Here is a rough diagram of what I am trying to say:


ReadyNAS box on client network--->firebox---cloud---ISA Firewall--->Readynas box on my network


How do I make sure the data is encrypted during this process? Can it be done with stunnel?

Any help is appreciated.
lacunabridge Asked:

ai_ja_nai Commented:
Easy, use SSH.
Add the option -e ssh and you are set. Of course, both destination and source must have ssh installed. This way the script will ask for passwords every time, but you can use key-based authentication to work around it.
Example:

rsync -aze ssh user@host:/path/to/source /path/to/destination

And you are done :)
0
Hedley Phillips Owner Commented:
Run through this guide I use:

Installing ssh and rsync on a Windows machine: minimalist approach
http://optics.ph.unimelb.edu.au/help/rsync/rsync_pc1.html
0
ai_ja_nai Commented:
Oh, sorry, I didn't notice you needed this for Windows Server. Then this guide is also good: http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html
0
lacunabridge Author Commented:
Hey guys, thanks for the prompt responses, but I don't think my problem is that simple... See, the NAS devices don't have any native ssh support... Here is what I am going to try, and I think I already have it working... Please tell me if it is way off and why... Not only do I want this to work, but I want to learn why it works... Anyway:


Here is what I did:

I installed stunnel as the client on the client's in-house server... Then I installed stunnel (as a server with a pem cert) on my server where the offsite box will be located. Here is how everything points:


Client NAS rsync-->server running stunnel listening on 873, which then redirects to the offsite public IP address through port 22-----------Internet-----------ISA 2006 forwards port 22 to my server running the stunnel server listening on port 22, which then redirects to the offsite local IP address of the NAS box with the 873 port number


Is that secure or am I missing something... That's what I don't grasp... I know 22 is the ssh port, but does that mean anything sent through that port is secure?



Thanks guys
0
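The topology described in the post above, written out as a pair of stunnel configurations (an added example, not the poster's actual files). A stunnel client that is not told to verify its peer accepts any certificate, so the link would be encrypted but open to interception; `verifyPeer` pins the server certificate. The host name, the LAN address and the file names are placeholders.

```ini
; ---- stunnel.conf on the server at the client site (TLS client side) ----
; The client NAS is pointed at this server's port 873 instead of the remote NAS.
[rsync-out]
client = yes
accept = 873
; Placeholder for the offsite public address; ISA forwards port 22 inward.
connect = offsite.example.net:22
; Copy of the offsite stunnel server's certificate (public part only).
CAfile = offsite-server-cert.pem
; Reject any peer whose certificate is not the one in CAfile.
; (stunnel releases older than 5.15 use "verify = 3" for the same purpose.)
verifyPeer = yes

; ---- stunnel.conf on the offsite server behind ISA 2006 (TLS server side) ----
[rsync-in]
; The port number is only a label: what protects the data is the TLS
; session stunnel runs on it, not the fact that 22 is normally used by ssh.
accept = 22
; Placeholder LAN address of the offsite ReadyNAS; this last hop is plain rsync.
connect = 192.168.1.50:873
; Certificate and private key in one pem file, as described in the post.
cert = stunnel.pem
```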
ai_ja_nai Commented:
Mh, the traffic between offsite public and server should actually be encrypted (but not between server and NAS).
If you are dubious, try to dump the traffic with tcpdump on ISA 2006 and see if you can take a peek at the packets' content. If you can, the traffic is in the clear and your data is insecure. If not, you are OK.
Practice is always better than unverified theory.

Otherwise, you may run ssh on your final server that mounts, as a network filesystem, your NAS's disks. Rsync would contact your server, which redirects the stream of clear and unencrypted data to the NAS device.
0
lacunabridge Author Commented:
Sorry I haven't responded to anyone, I'm waiting for a few things to happen before I troubleshoot this again this week.
0
ai_ja_nai Commented:
If you want to know if traffic is secured, put a sniffer in the middle of the encrypted line and try to dump the traffic. If you get garbage, then you are secured.
0
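The sniffer check suggested in the comments above, as an added example (not code from any poster): it labels the first bytes of a captured connection as rsync daemon cleartext or as TLS records, instead of judging by eye whether a dump looks like garbage. The sample byte strings and leg names are constructed.

```python
import struct

RSYNC_BANNER = b"@RSYNCD:"  # greeting the rsync daemon protocol sends unencrypted
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

def tls_records(stream: bytes):
    """Yield (type, length) per well-formed TLS record; stop at the first bad one."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in TLS_TYPES or major != 3 or minor > 4:
            return
        if length > 2**14 + 2048 or pos + 5 + length > len(stream):
            return  # oversized or truncated record
        yield TLS_TYPES[ctype], length
        pos += 5 + length

def classify(stream: bytes) -> str:
    """Label the first bytes one side sent on a captured TCP connection."""
    if stream.startswith(RSYNC_BANNER):
        return "cleartext-rsync"
    records = list(tls_records(stream))
    if records and records[0][0] == "handshake":
        return "tls"
    return "unknown"  # unreadable is not the same as encrypted

def cleartext_legs(captures: dict) -> list:
    """Return the names of network legs whose capture shows plain rsync."""
    return sorted(leg for leg, data in captures.items()
                  if classify(data) == "cleartext-rsync")

def make_record(ctype: int, body: bytes) -> bytes:
    """Build a TLS 1.2-framed record for the constructed samples below."""
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

# Constructed samples, not real captures.
SAMPLES = {
    "wan: stunnel client -> stunnel server": (
        make_record(22, b"\x01" + bytes(40)) + make_record(20, b"\x01")
        + make_record(23, bytes(64))),
    "lan: stunnel server -> NAS": b"@RSYNCD: 30.0\nbackup\n",
}

if __name__ == "__main__":
    for leg, data in SAMPLES.items():
        print(f"{leg}: {classify(data)}")
    print("cleartext legs:", cleartext_legs(SAMPLES))
```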

lacunabridge Author Commented:
I am guessing that the solution given isn't the best, but I have been too sidetracked to try any of it. If anyone has a problem with my decision, please let me know and I'll do what I can to make everyone happy.

Thanks for your time
0