This page provides an overview of the Certification environment Virtual Private Network (VPN).
CME Group does not require customers to use specific consultant vendors. If internal resources are not available, customers are responsible for engaging resources to establish and support connectivity to CME Group.
Customers must provide a high-speed connection to the Internet. The connection must meet the following requirements:
- Internet connection with static public IP address routable on the internet
- Internet service provider that supports VPN protocols
The VPN software on your device or service must support the following encryption requirements:
- PSK for Internet Security Association and Key Management Protocol (ISAKMP)/IKE
- 3DES/SHA1 encryption or stronger for phase 1
- AES256/SHA1 encryption or stronger phase 2
The device prerequisites vary slightly depending on whether existing devices will be leveraged. The following sections describe the three tunneling configuration options that can be used to create the VPN.
- Option 1 uses separate units for VPN and GRE tunneling
- Option 2 uses a single unit for VPN and GRE tunneling
- Option 3 uses a single unit for VPN tunneling
Option 1: Separate Units for VPN IPSEC and GRE Tunneling
Customers wishing to subscribe to market data that choose to utilize a device or service that does not support GRE tunnel encapsulation, will have to separate the IPsec and GRE termination between 2 endpoints.
Option 2: Combined Units for VPN IPSEC and GRE Tunneling
Customers wishing to subscribe to market data may choose to combine IPSEC and GRE termination into a single device or service.
Option 3: Single Unit for VPN IPSEC only
Customers not wishing to subscribe to market data do not require GRE capability.