Internal © Copyright SIX Group Ltd, 04.2015. All rights reserved. All trademarks observed.
Cisco VPN Software Client Installation Guide for RTP2 Beta-Test
SSX-VPN-SWC-GDE-200/E, Version 1.00, 16.04.2015
This guide provides firewall and network considerations and step-by-step instructions on how to install a Cisco VPN Software
Client and install the Certificate and Connection Entry for RTP2 Beta-Test.
Identification
Title: Cisco VPN Software Client Installation Guide for RTP2 Beta-Test
Version, Date: Version 1.00, 16.04.2015
Classification: Internal
Intended Audience: <Audience>
Distribution: <Distribution>
Keywords: Cisco VPN, Installation, Guide
Reference: SSX-VPN-SWC-GDE-200/E
Filename: Cisco-VPN-Software-Client-Quick-Start-und-Installation-Guide-Beta-Test.docx
Synopsis: This guide provides firewall and network considerations and step-by-step
instructions on how to install a Cisco VPN Software Client and install Certificate and Connection Entry for RTP2 Beta-Test
Author(s): Martin Schmid
Reviewer: XRS-Team
Approval: Lee Hannah
Responsible: Martin Schmid
Revision History
Version, Date Description
1.00, 03.01.2012 First Version
Table of Contents
1 Introduction
1.1 Purpose & Scope
1.2 Definitions & Abbreviations
1.3 Contact
2 Cisco VPN Software Client
3 Network & Firewall Considerations
3.1 VPN Endpoints
3.2 DNS Servers
3.2.1 DNS Servers with VPN Connection
3.2.2 Ports Used for Cisco VPN Software Client Connections
3.3 Repo Application Servers
3.4 HTTP Proxy Server Exceptions
3.5 Ports used for Connection and a Quick Guide to Troubleshooting
3.5.1 For Clients with Direct Connections
4 Step-By-Step Instructions
4.1 Downloading and Configuring VPN Software Client
4.2 Setting Up a VPN Connection
1 Introduction
1.1 Purpose & Scope
This document describes how to set up a VPN connection with a Cisco VPN Software Client to the
RTP2 trading platform. The guide provides basic information about technical requirements and
network settings as well as detailed information about the installation and configuration of the Cisco
VPN Software Client.
1.2 Definitions & Abbreviations
Term/Abbreviation   Explanation
CVI                 Common VPN Infrastructure
DNS                 Domain Name System
Environments        M01 RTP2 Beta-Test
FQDN                Fully Qualified Domain Name
IPSec               Internet Protocol Security
RTP2                Repo of SIX trading platform 2
SCAP                SIX Swiss Exchange Common Access Portal
SSX                 SIX Swiss Exchange
SSL                 Secure Socket Layer
SWX                 SWX Swiss Exchange. Former name of SIX Swiss Exchange
VEP                 VPN Entrypoint
VPN                 Virtual Private Network
1.3 Contact
For further information about specific issues, please contact Repo infodesk:
Zürich +41 58 399 2190
E-mail: [email protected]
2 Cisco VPN Software Client
The following Cisco VPN Software Client version is tested and supported by SIX Swiss Exchange:
Cisco VPN Software Client V5.0.07.0440 (64 bit)
3 Network & Firewall Considerations
3.1 VPN Endpoints
The table below gives the FQDN and IP addresses of the SIX Swiss Exchange VPN endpoints for
Cisco VPN connections:
Membertest & Production
FQDN              Data Centre A                        Data Centre B
vpn.swx.com       146.109.0.10                         146.109.64.10   (virtual IP addresses)
vpnzs.swx.com     146.109.0.10 (virtual IP address)    -
vpnzh.swx.com     -                                    146.109.64.10 (virtual IP address)
vpnzs01.swx.com   146.109.0.11                         -
vpnzh01.swx.com   -                                    146.109.64.11
vpnzs02.swx.com   146.109.0.12                         -
vpnzh02.swx.com   -                                    146.109.64.12
The VPN Endpoints above are valid for the Repo of SIX Trading and Reference Data servers.
NB. Please ensure that all of the above VPN Endpoints have been enabled on your firewall. Due to
our load balancing mechanism, a VPN response that emanates from a source that has not been
opened on your firewall will not be accepted by your organisation and your connection to the Repo
trading environment could be refused.
3.2 DNS Servers
3.2.1 DNS Servers without VPN Connection
These DNS servers resolve VPN endpoints:
Data Centre IP Address
Data Centre A 146.109.66.249
Data Centre A 146.109.66.250
Data Centre B 146.109.2.249
Data Centre B 146.109.2.250
3.2.2 DNS Servers with VPN Connection
These DNS servers resolve Repo application servers:
Data Centre IP Address
Data Centre A 146.109.55.251
Data Centre A 146.109.55.252
Data Centre B 146.109.39.251
Data Centre B 146.109.39.252
3.2.3 Ports Used for Cisco VPN Software Client Connections
The table below indicates the ports used between the Cisco VPN Software Client and the SIX
Swiss Exchange VPN endpoint:
IP Protocol No.   Name    Port   Purpose           Required for (IPSec / IPSec Over UDP / IPSec Over TCP)
17                UDP     500    IKE
50                IPSec   None   ESP
17                UDP     4500   IPSec via NAT-T
17                UDP     4501   IPSec via UDP
6                 TCP     4501   IPSec via TCP
3.3 Repo Application Servers
The table below gives the FQDN and IP addresses of the Repo application servers. These
addresses can be reached through a Cisco VPN Software Client connection:
Beta Test
Server             FQDN                   IP Address
Reference Server   rtp2-ref-mbt.pn.swx    146.109.52.199
Trading Server 1   rtp2-trd1-mbt.pn.swx   146.109.52.198
Trading Server 2   rtp2-trd2-m01.pn.swx   146.109.52.197
The application servers above are valid for the Repo of SIX trading and reference data
environments.
3.4 HTTP Proxy Server Exceptions
Access to the various online features provided through the Repo platform (Membertest / Production),
e.g. Member Page with Newsboard, Online Help and Statistics, is not possible via a web-proxy
server. They can only be accessed through a Cisco VPN (IPSec) tunnel connection.
For these specific websites, you need to ensure that you have disabled any potential HTTP proxy
server on the client PC.
The following HTTP proxy server exceptions have to be set in your web-browser:
– *.pn.swx (for application servers)
– *.ps.swx (for CVI Private Web)
3.5 Ports used for Connection and a Quick Guide to Troubleshooting
To help you troubleshoot potential connectivity issues, the following information gives the ports
associated with the individual destinations within both the Repo client-side environment and the
Exchange-side infrastructures, as well as methods to test the validity of any connection.
3.5.1 For Clients with Direct Connections
Providing that the VPN is correctly connected, the following table details the application servers
and their corresponding ports.
If you encounter connectivity issues with the Repo trading system, always ensure that you are
able to make a telnet request to, and receive a response from, the corresponding FQDNs/IP
addresses in section 3.3 on the appropriate ports below (depending on your environment). The
latter set of ports are used to receive help and peripheral information.
Destination   Environment                                                        TCP Port
Exchange      Beta Test – Reference Server 146.109.52.199                        7310
              Beta Test – Trading Server 1 and 2 146.109.52.198 146.109.52.199   7311, 7312
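The telnet check described above, as an added Python example that is not part of the original guide: it tries each application server address from section 3.3 on the TCP ports in the table and reports whether each port is open, refused or silent. Pairing each trading server with both ports 7311 and 7312, the 3-second timeout and the verdict names are assumptions of this example.

```python
import socket

# Addresses from section 3.3, TCP ports from section 3.5.1. Pairing each trading
# server with both trading ports is an assumption of this example.
TARGETS = [
    ("Reference Server", "146.109.52.199", [7310]),
    ("Trading Server 1", "146.109.52.198", [7311, 7312]),
    ("Trading Server 2", "146.109.52.197", [7311, 7312]),
]


def probe(host, port, timeout=3.0):
    """Try one TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered with RST: reachable, nothing listening
    except socket.timeout:
        return "filtered"  # silence: tunnel down, missing route or a dropping firewall
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))  # e.g. no route to host


def check_targets(targets, timeout=3.0, probe_fn=probe):
    """Probe every (name, host, ports) entry; return (name, host, port, state) rows."""
    return [(name, host, port, probe_fn(host, port, timeout))
            for name, host, ports in targets for port in ports]


def diagnose(rows):
    """Reduce the rows to one verdict that says where to look next."""
    states = [state for _, _, _, state in rows]
    if all(s == "open" for s in states):
        return "ok"
    if any(s in ("open", "refused") for s in states):
        return "partial"   # tunnel carries traffic; look at the failing service or port
    return "no-path"       # nothing answered; check the VPN tunnel before the servers


if __name__ == "__main__":
    rows = check_targets(TARGETS)
    for name, host, port, state in rows:
        print(f"{name:<18} {host}:{port:<5} {state}")
    print("verdict:", diagnose(rows))
```

A "no-path" verdict points at the tunnel or the firewall rules from sections 3.1 and 3.2.3 rather than at the application servers.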
4 Step-By-Step Instructions
If there is no Cisco VPN Software Client installed, follow the step-by-step instructions below.
4.1 Downloading and Configuring VPN Software Client
To access the CVI – Common VPN Infrastructure, proceed as follows (an Internet connection is required):
1. In your Browser, go to the CVI – Common VPN Infrastructure Web page
https://www.six-swiss-exchange.com/members/cvi/scap.html and log in with cvim01enr / vicarphing
2. On the CVI – Common VPN Infrastructure page, download the following three items:
– Cisco VPN Tunnel Software
– Connection
– CVI Root Certificate
3. For each of the three items, proceed as follows to download them and save them on your Desktop:
a. Click on the item link (for example Cisco VPN Tunnel Software) and click Save as in the dialog
box.
b. In the Folders pane, select Desktop and click Save.
4. When you have repeated steps a to c above for the other two items (Connection and the CVI Root
Certificate), verify that all three files are available on your Desktop.
5. On your Desktop, double-click the Cisco VPN Tunnel Software file you have downloaded:
vpnclient-win-msi-5.0.03.0560-k9.exe.
6. Click Unzip.
7. The file is being unzipped. In the dialog box, click OK.
8. Choose English and click OK.
9. The Installation Wizard is started. Click Next.
10. Select the I accept the license agreement option and click Next.
11. Select a destination folder (or leave it unchanged) and click Next.
12. Click Next (2 times) to begin installation.
13. When the VPN client has been installed, click Finish.
14. Click Yes to restart your computer.
15. To start the VPN client, click the Start menu and select All Programs > Cisco Systems VPN
Client > VPN Client.
16. The VPN Client is started. Click the Connection Entries tab and click the Import button.
17. Navigate to the Desktop, select the SWX_CVI.pcf file and click Open.
18. In the dialog box, click OK to confirm the successful import of the Connection Entry.
19. The Connection Entry SWX_CVI is now listed under Connection Entry.
20. Click the Certificates tab.
21. On the Certificates menu, click Show CA/RA Certificates.
22. Click the Import button.
23. In the dialog box, select the Import from File option and click Browse.
24. Navigate to the Desktop, select the SWXVPNROOTCA.cer file and click Open.
25. Click Import.
26. In the dialog box, click OK to confirm the successful import of the Root Certificate.
27. The Root-Certificate swxcapprdrootca is now listed under the Certificates tab.
4.2 Setting Up a VPN Connection
1. In your Browser, go to the CVI – Common VPN Infrastructure Web page
https://www.six-swiss-exchange.com/members/cvi/scap.html and log in with cvim01enr / vicarphing
2. On the CVI – Common VPN Infrastructure Web page, click on the link Private CVI VPN
Homepage (via SSL connection).
3. A security alert is displayed. Click on the Continue to this website (not recommended) link twice.
4. In the Login window, type again cvim01enr / vicarphing
5. Click Login. The CVI – Private Web page will open. (This may take some time…)
6. On the welcome screen, type the certificate Username and Password provided in the secured email
for the RTPM01 environment.
7. Click Enter.
8. After successful login, the Userpage opens. Enter a personally defined download password (for
example MyPwd123456) and click Download.
9. Save the certificate in a directory of your choice by selecting Save as, or
select Save to store it in your Downloads directory.
10. Open the VPN Client: On the Certificates tab, click the Import button.
11. Select the option Import from File and click Browse.
12. Navigate to the chosen directory or to the Downloads directory and select your certificate file
(*.p12, in this example it is RTPM012002.p12). Then click Open.
13. The imported certificate is now displayed in the Import Path: box. In the Import Password: box,
type the password you have selected (for example MyPwd123456).
14. If preferred, you can protect the certificate and connection start with a new certificate password. Select
a new password (for example MyNewCertificatePwd123456) and type it in the New Password /
Confirm Password boxes.
Remember or note down this password because you will use it to start the VPN connection and
it is also needed to delete the certificate.
15. Then click Import.
16. A dialog box confirms that the import of the certificate was successful. Click OK.
17. The imported certificate is now displayed under the Certificates tab.
18. Click on the Connection Entries tab. Right-click on the SWX_CVI Connection Entry and select
Modify… from the context menu.
19. You can also right-click on a Connection Entry of your choice and select Duplicate from the
context menu.
20. Right-click on the duplicated Connection Entry and select Modify… from the context menu.
21. In the Authentication tab, select the Certificate Authentication option and select the RTPM01xxxx
certificate in the Name box. (In this example it is 3 - RTPM012002 (Cisco).)
22. Also edit the Connection Entry: field to a name of your choice. (In this example RTPM012002.)
23. Then click Save.
24. Click the Connect button and type in the certificate password if requested to start the connection (for
example MyNewCertificatePwd123456). Then click OK.
25. A dialog box is displayed and confirms that you have successfully connected. Click Continue.