...

CME Group does not require customers to use specific consultant vendors. If internal resources are not available, customers are responsible for engaging resources to establish and support connectivity to CME Group.

Technical Requirements

Internet Requirements

The CME Certification VPN is an Internet-only solution providing combined access to the futures and options, BTEC and EBS Certification environments. Customers must provide a high-speed connection to the Internet. The connection must adhere to the following requirements:

  • Internet connection with a static public IP address, routable on the Internet

  • Internet service provider that supports VPN protocols

  • Non-cloud based due to lack of Generic Routing Encapsulation (GRE) support

Hardware Requirements

CME recommends that customers use a Cisco router with support for site-to-site VPNs. CME will provide a sample configuration based on a Cisco router, which the customer can tailor for their environment (details on the sample configuration to follow). However, customers are free to select the best vendor for their environment, and they will fully support both their chosen hardware and the configuration used to enable the VPN on their side. CME Group is unable to provide configuration support.

...

The CME Certification VPN is a policy-based VPN solution with the following requirements:

  • IKEv2

  • Pre-shared key authentication

  • IKE Phase One:

    • Encryption: AES256

    • Hash: SHA256

    • Diffie-Hellman group: 14

    • Lifetime: 28800 seconds, no volume limit

    • Customer VPN device IKEv2 identity must match IP address used for peering

  • IKE Phase Two:

    • Encryption: AES256

    • Authentication: SHA256

    • Tunnel mode

    • PFS: Enabled, using Diffie-Hellman Group 14

    • Compression: No

    • Security association lifetime: 4608000 kilobytes/3600 seconds

    • Security association idletime: 60 seconds

Device Requirements

The device prerequisites vary slightly depending on whether existing devices will be leveraged. The following sections describe the three tunneling configuration options that can be used to create the VPN. 

  • Option 1 uses separate units for VPN and GRE tunneling

  • Option 2 uses a single unit for VPN and GRE tunneling

  • Option 3 uses a single unit for VPN tunneling

Option 1: Separate Units for VPN IPSEC and GRE Tunneling

Customers wishing to subscribe to market data who choose to utilize a device or service that does not support GRE tunnel encapsulation will have to separate the IPsec and GRE termination between 2 endpoints.

...

Option 2: Combined Units for VPN IPSEC and GRE Tunneling

Customers wishing to subscribe to market data may choose to combine IPSEC and GRE termination into a single device or service.

...

Option 3: Single Unit for VPN IPSEC only

Customers not wishing to subscribe to market data do not require GRE capability.
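A pre-flight check of a customer-side tunnel definition against the IKEv2/IPsec parameters and the GRE options listed above. This is an added example, not CME Group's sample configuration: the dictionary key names, the `check_tunnel` function and the sample values are hypothetical, and the required values are copied from this page.

```python
import ipaddress

# Values required by this page; the key names are hypothetical.
REQUIRED = {
    "ike_version": 2, "auth": "psk",
    "ike_encryption": "aes256", "ike_hash": "sha256",
    "ike_dh_group": 14, "ike_lifetime_s": 28800,
    "esp_encryption": "aes256", "esp_auth": "sha256",
    "mode": "tunnel", "pfs_dh_group": 14, "compression": False,
    "sa_lifetime_kb": 4608000, "sa_lifetime_s": 3600, "sa_idle_s": 60,
}

def check_tunnel(cfg, market_data):
    """Return findings for cfg; an empty list means it matches the page."""
    findings = [f"{k}: expected {want!r}, got {cfg.get(k)!r}"
                for k, want in REQUIRED.items() if cfg.get(k) != want]
    try:
        peer = ipaddress.ip_address(cfg.get("peering_ip", ""))
    except ValueError:
        findings.append("peering_ip: not a valid IP address")
    else:
        # Static public IP, routable on the Internet.
        if not peer.is_global:
            findings.append(f"peering_ip: {peer} is not publicly routable")
        # IKEv2 identity must match the IP address used for peering.
        if cfg.get("ike_identity") != str(peer):
            findings.append(f"ike_identity: must equal peering_ip {peer}")
    # Market data needs GRE termination (Option 1 or 2); Option 3 does not.
    if market_data and not cfg.get("gre_endpoint"):
        findings.append("gre_endpoint: required for market data")
    return findings

# Constructed sample: a customer-side definition with typical drift
# (weak DH group, idle timeout disabled, private peering address,
# FQDN used as the IKE identity, no GRE endpoint).
SAMPLE = dict(REQUIRED, ike_dh_group=2, sa_idle_s=0,
              peering_ip="10.20.30.40", ike_identity="vpn.example.net",
              gre_endpoint=None)

if __name__ == "__main__":
    for finding in check_tunnel(SAMPLE, market_data=True):
        print("FAIL", finding)
```

Documentation ranges such as 203.0.113.0/24 are also reported as not publicly routable, so test a passing case with the real static address assigned by the ISP.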
