Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In the event that connectivity to both Chicago area datacenters is lost due to a catastrophic event, customers who subscribe to CME NYDC NYDR VPN, can access CME Globex via a CME NYDC NYDR VPN connection.

CME NYDC NYDR VPN is implemented using a virtual private network (VPN) connection. A VPN is a secure, point-to-point connection between a client and the CME Group out of Region data center. Unlike a direct Wide Area Network (WAN) connection over a costly, leased facility, VPN traffic is carried over the Internet using tunneling technology.  A single router is used to establish connectivity between the client-managed router and the CME Group out of Region Data Center.

...

Please review the prerequisites below to determine any services, addressing tasks, software, or hardware that customers must have available or complete prior to enabling connectivity for CME NYDC NYDR VPN access to the CME production environment.

...

Customers not wishing to subscribe to market data do not require GRE capability. 


CME

...

NYDR VPN Connectivity Procedures

For CME NYDC NYDR VPN connectivity, a Cisco IOS configuration is presented as a guide only and must be adapted to other situations as required. There are two options available: With Market Data and Without Market Data.

Customer

...

NYDR Configuration Template
Configuration with Market Data

...

No Format
crypto isakmp policy 1

 encr aes

 authentication pre-share

 

crypto ipsec transform-set cmevpn esp-aes esp-sha-hmac

 

crypto isakmp key <CME Assigned PSK> address x.x.x.x

crypto isakmp keepalive 60

 

crypto map cmevpn 1 ipsec-isakmp

 set peer x.x.x.x

 set transform-set cmevpn

 match address xxx

 

interface FastEthernet0/0

Desc LAN Interface

 ip address <CME Assigned LAN Address/mask>

 

interface FastEthernetx/x

 description to Internet

 ip address <Customer Public IP Address ADC>

 crypto map cmevpn

 

ip route 0.0.0.0 0.0.0.0 (Next Hop To Internet)

 

ip access-list extended 100

 permit ip <CME Assigned LAN Network Address/Mask>  <CME NETWORK/Mask>

 permit ip <CME Assigned LAN Network Address/Mask>  <CME NETWORK/Mask>

 permit ip <CME Assigned LAN Network Address/Mask>  <CME NETWORK/Mask>

 permit ip <CME Assigned LAN Network Address/Mask>  <CME NETWORK/Mask>

 permit icmp <Customer Assigned LAN Address/Mask> host x.x.x.x
Testing CME

...

NYDR VPN

Customers will be provided an address to ping in order to verify and validate the health of their VPN IPSEC connectivity when CME Group is not in a DR scenario.