
Internal © Copyright SIX Group Ltd, 04.2015. All rights reserved. All trademarks observed.

Cisco VPN Software Client Installation Guide for RTP2 Beta-Test

SSX-VPN-SWC-GDE-200/E, Version 1.00, 16.04.2015

This guide provides firewall and network considerations and step-by-step instructions on how to install a Cisco VPN Software Client and install Certificate and Connection Entry for RTP2 Beta-Test


Identification

Title: Cisco VPN Software Client Installation Guide for RTP2 Beta-Test

Version, Date: Version 1.00, 16.04.2015

Classification: Internal

Intended Audience: <Audience>

Distribution: <Distribution>

Keywords: Cisco VPN, Installation, Guide

Reference: SSX-VPN-SWC-GDE-200/E

Filename: Cisco-VPN-Software-Client-Quick-Start-und-Installation-Guide-Beta-Test.docx

Synopsis: This guide provides firewall and network considerations and step-by-step instructions on how to install a Cisco VPN Software Client and install Certificate and Connection Entry for RTP2 Beta-Test

Author(s): Martin Schmid

Reviewer: XRS-Team

Approval: Lee Hannah

Responsible: Martin Schmid

Revision History

| Version, Date | Description |
| --- | --- |
| 1.00, 03.01.2012 | First Version |


Table of Contents

1 Introduction

1.1 Purpose & Scope

1.2 Definitions & Abbreviations

1.3 Contact

2 Cisco VPN Software Client

3 Network & Firewall Considerations

3.1 VPN Endpoints

3.2 DNS Servers

3.2.1 DNS Servers with VPN Connection

3.2.2 Ports Used for Cisco VPN Software Client Connections

3.3 Repo Application Servers

3.4 HTTP Proxy Server Exceptions

3.5 Ports used for Connection and a Quick Guide to Troubleshooting

3.5.1 For Clients with Direct Connections

4 Step-By-Step Instructions

4.1 Downloading and Configuring VPN Software Client

4.2 Setting Up a VPN Connection


1 Introduction

1.1 Purpose & Scope

This document describes how to set up a VPN connection with a Cisco VPN Software Client to the RTP2 trading platform. The guide provides basic information about technical requirements and network settings as well as detailed information about the installation and configuration of the Cisco VPN Software Client.

1.2 Definitions & Abbreviations

| Term/Abbreviation | Explanation |
| --- | --- |
| CVI | Common VPN Infrastructure |
| DNS | Domain Name System |
| Environments | M01 RTP2 Beta-Test |
| FQDN | Fully Qualified Domain Name |
| IPSec | Internet Protocol Security |
| RTP2 | Repo of SIX trading platform 2 |
| SCAP | SIX Swiss Exchange Common Access Portal |
| SSX | SIX Swiss Exchange |
| SSL | Secure Socket Layer |
| SWX | SWX Swiss Exchange. Former name of SIX Swiss Exchange |
| VEP | VPN Entrypoint |
| VPN | Virtual Private Network |

1.3 Contact

For further information about specific issues, please contact Repo infodesk:

Zürich +41 58 399 2190

E-mail: [email protected]

2 Cisco VPN Software Client

The following Cisco VPN Software Client version is tested and supported by SIX Swiss Exchange:

Cisco VPN Software Client V5.0.07.0440 (64 bit)


3 Network & Firewall Considerations

3.1 VPN Endpoints

The table below gives the FQDN and IP addresses of the SIX Swiss Exchange VPN endpoints for Cisco VPN connections:

Membertest & Production

| FQDN | Data Centre A | Data Centre B |
| --- | --- | --- |
| vpn.swx.com | 146.109.0.10 (virtual IP address) | 146.109.64.10 (virtual IP address) |
| vpnzs.swx.com | 146.109.0.10 (virtual IP address) | |
| vpnzh.swx.com | | 146.109.64.10 (virtual IP address) |
| vpnzs01.swx.com | 146.109.0.11 | |
| vpnzh01.swx.com | | 146.109.64.11 |
| vpnzs02.swx.com | 146.109.0.12 | |
| vpnzh02.swx.com | | 146.109.64.12 |

The VPN endpoints above are valid for the Repo of SIX Trading and Reference Data servers.

NB. Please ensure that all of the above VPN endpoints have been enabled on your firewall. Due to our load-balancing mechanism, a VPN response that emanates from a source that has not been opened on your firewall will not be accepted by your organisation, and your connection to the Repo trading environment could be refused.

3.2 DNS Servers

3.2.1 DNS Servers without VPN Connection

These DNS servers resolve VPN endpoints:

| Data Centre | IP Address |
| --- | --- |
| Data Centre A | 146.109.66.249 |
| Data Centre A | 146.109.66.250 |
| Data Centre B | 146.109.2.249 |
| Data Centre B | 146.109.2.250 |


3.2.2 DNS Servers with VPN Connection

These DNS servers resolve Repo application servers:

| Data Centre | IP Address |
| --- | --- |
| Data Centre A | 146.109.55.251 |
| Data Centre A | 146.109.55.252 |
| Data Centre B | 146.109.39.251 |
| Data Centre B | 146.109.39.252 |

3.2.3 Ports Used for Cisco VPN Software Client Connections

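The table below indicates the ports used between the Cisco VPN Software Client and the SIX Swiss Exchange VPN endpoint:

| IP Protocol No. | Name | Port | Purpose | Required for IPSec | Required for IPSec Over UDP | Required for IPSec Over TCP |
| --- | --- | --- | --- | --- | --- | --- |
| 17 | UDP | 500 | IKE | | | |
| 50 | IPSec | None | ESP | | | |
| 17 | UDP | 4500 | IPSec via NAT-T | | | |
| 17 | UDP | 4501 | IPSec via UDP | | | |
| 6 | TCP | 4501 | IPSec via TCP | | | |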
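The NB in section 3.1 and the ports table above together define a matrix of flows that a client-side firewall rule set can be checked against. The following Python code is an added example, not part of the SIX guide: the `allow <proto> <network> [port|any]` rule syntax and the sample rules are constructed for illustration, and every row of the ports table is audited for every endpoint because the per-mode "Required for" marks are not legible here.

```python
import ipaddress

# VPN endpoint addresses from section 3.1 (virtual and physical, both data centres).
VPN_ENDPOINTS = [
    "146.109.0.10", "146.109.0.11", "146.109.0.12",
    "146.109.64.10", "146.109.64.11", "146.109.64.12",
]

# (protocol, port) rows of the ports table in section 3.2.3; ESP has no port.
# Assumption: every row is audited for every endpoint.
REQUIRED_FLOWS = [("udp", 500), ("esp", None), ("udp", 4500),
                  ("udp", 4501), ("tcp", 4501)]

# Constructed rule set in a hypothetical "allow <proto> <network> [port|any]"
# syntax: data centre A is opened as a range, data centre B only for its
# virtual IP, which is the situation the NB warns about.
SAMPLE_RULES = """
allow udp 146.109.0.8/29 any
allow esp 146.109.0.8/29
allow tcp 146.109.0.8/29 4501
allow udp 146.109.64.10 any
allow esp 146.109.64.10
allow tcp 146.109.64.10 4501
"""


def parse_rule(line):
    """Turn one rule line into (protocol, network, port-or-None)."""
    fields = line.split()
    if len(fields) not in (3, 4) or fields[0] != "allow":
        raise ValueError(f"unsupported rule: {line!r}")
    network = ipaddress.ip_network(fields[2], strict=False)
    port = None
    if len(fields) == 4 and fields[3] != "any":
        port = int(fields[3])
    return fields[1].lower(), network, port


def rule_covers(rule, proto, address, port):
    """True if the rule permits this protocol/port towards this address."""
    rule_proto, network, rule_port = rule
    if rule_proto != proto or address not in network:
        return False
    # A rule without a port (ESP, or "any") matches every port.
    return rule_port is None or rule_port == port


def missing_flows(rule_text, endpoints=VPN_ENDPOINTS, flows=REQUIRED_FLOWS):
    """Return every (endpoint, protocol, port) that no rule permits."""
    rules = [parse_rule(line) for line in rule_text.splitlines()
             if line.strip() and not line.lstrip().startswith("#")]
    gaps = []
    for endpoint in endpoints:
        address = ipaddress.ip_address(endpoint)
        for proto, port in flows:
            if not any(rule_covers(r, proto, address, port) for r in rules):
                gaps.append((endpoint, proto, port))
    return gaps


if __name__ == "__main__":
    for endpoint, proto, port in missing_flows(SAMPLE_RULES):
        print(f"not permitted: {proto} {endpoint} {port if port else ''}".rstrip())
```

With the sample rules, the gaps are the two physical endpoints in data centre B, which is where a load-balanced response would be dropped.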

3.3 Repo Application Servers

The table below gives the FQDN and IP addresses of the Repo application servers. These addresses can be reached through a Cisco VPN Software Client connection:

Beta Test

| Server | FQDN | IP Address |
| --- | --- | --- |
| Reference Server | rtp2-ref-mbt.pn.swx | 146.109.52.199 |
| Trading Server 1 | rtp2-trd1-mbt.pn.swx | 146.109.52.198 |
| Trading Server 2 | rtp2-trd2-m01.pn.swx | 146.109.52.197 |

The application servers above are valid for the Repo of SIX trading and reference data environments.


3.4 HTTP Proxy Server Exceptions

Access to the various online features provided through the Repo platform, e.g. Member Page with Newsboard, Online Help and Statistics (Membertest / Production), is not possible via a web-proxy server. They can only be accessed through a Cisco VPN (IPSec) tunnel connection.

For these specific websites, you need to ensure that you have disabled any potential HTTP proxy server on the client PC.

The following HTTP proxy server exceptions have to be set in your web-browser:

– *.pn.swx (for application servers)

– *.ps.swx (for CVI Private Web)

3.5 Ports used for Connection and a Quick Guide to Troubleshooting

To help troubleshoot potential connectivity issues, the following information gives the ports associated with the individual destinations within both the Repo client-side environment and the Exchange-side infrastructure, as well as methods to test the validity of any connection.

3.5.1 For Clients with Direct Connections

Provided that the VPN is correctly connected, the following table details the application servers and their corresponding ports.

If you are encountering connectivity issues with the Repo trading system, always ensure that you are able to make a telnet request to, and receive a response from, the corresponding FQDNs/IP addresses in section 3.3 on the appropriate ports below (depending on your environment). The latter set of ports is used to receive help and peripheral information.

| Destination | Environment | IP Address | TCP Port |
| --- | --- | --- | --- |
| Exchange | Beta Test – Reference Server | 146.109.52.199 | 7310 |
| Exchange | Beta Test – Trading Server 1 and 2 | 146.109.52.198, 146.109.52.199 | 7311, 7312 |
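The telnet test described above can be scripted so that each attempt is classified by how it fails, which narrows down where the connection breaks. This Python code is an added example, not part of the SIX guide; the function names and outcome labels are illustrative, and because the table does not pair the two trading addresses with the two ports, each address is probed on both.

```python
import socket

# Addresses and TCP ports as listed in the section 3.5.1 table (Beta Test).
# Assumption: each trading address is probed on both trading ports.
TARGETS = [
    ("146.109.52.199", 7310),
    ("146.109.52.198", 7311), ("146.109.52.198", 7312),
    ("146.109.52.199", 7311), ("146.109.52.199", 7312),
]

# What each outcome says about where the connection fails.
HINTS = {
    "open": "TCP handshake completed; tunnel and service are reachable",
    "refused": "a reset came back; the host or a device in the path rejected the port",
    "timeout": "no answer; tunnel down or packets dropped along the path",
    "dns-failure": "name not resolved; check the DNS servers used inside the VPN",
    "unreachable": "local stack reported no route or another socket error",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return an outcome label from HINTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"


def run_checks(targets=TARGETS, prober=probe):
    """Probe every target; returns a list of (host, port, outcome)."""
    return [(host, port, prober(host, port)) for host, port in targets]


def summarize(results):
    """Group failing targets by outcome so a common cause stands out."""
    failures = {}
    for host, port, status in results:
        if status != "open":
            failures.setdefault(status, []).append(f"{host}:{port}")
    return failures


if __name__ == "__main__":
    for status, targets in summarize(run_checks()).items():
        print(f"{status}: {', '.join(targets)}")
        print(f"  {HINTS[status]}")
```

If every target times out, the tunnel or a firewall is the likely cause; a single refused port points at that one service instead.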


4 Step-By-Step Instructions

If there is no Cisco VPN Software Client installed, follow the step-by-step instructions below.

4.1 Downloading and Configuring VPN Software Client

To access the CVI – Common VPN Infrastructure, proceed as follows (an Internet connection is required):

1. In your Browser, go to the CVI – Common VPN Infrastructure Web page https://www.six-swiss-exchange.com/members/cvi/scap.html and login with cvim01enr / vicarphing

2. On the CVI – Common VPN Infrastructure page, download the following three items:

– Cisco VPN Tunnel Software

– Connection

– CVI Root Certificate

3. For each of the three items, proceed as follows to download them and save them on your Desktop:

a. Click on the item link (for example Cisco VPN Tunnel Software) and click Save as in the dialog box.


b. In the Folders pane, select Desktop and click Save.

4. When you have repeated steps a to c above for the other two items (Connection and the CVI Root Certificate), verify that all three files are available on your Desktop.

5. On your Desktop, double-click the Cisco VPN Tunnel Software file you have downloaded: vpnclient-win-msi-5.0.03.0560-k9.exe.

6. Click Unzip.


7. The file is being unzipped. In the dialog box, click OK.

8. Choose English and click OK.

9. The Installation Wizard is started. Click Next.


10. Select the I accept the license agreement option and click Next.

11. Select a destination folder (or leave it unchanged) and click Next.

12. Click Next (2 times) to begin installation.


13. When the VPN client has been installed, click Finish.

14. Click Yes to restart your computer.

15. To start the VPN client, click the Start menu and select All Programs > Cisco Systems VPN Client > VPN Client.


16. The VPN Client is started. Click the Connection Entries tab and click the Import button.

17. Navigate to the Desktop, select the SWX_CVI.pcf file and click Open.

18. In the dialog box, click OK to confirm the successful import of the Connection Entry.


19. The Connection Entry SWX_CVI is now listed under Connection Entry.

20. Click the Certificates tab.

21. On the Certificates menu, click Show CA/RA Certificates.

22. Click the Import button.


23. In the dialog box, select the Import from File option and click Browse.

24. Navigate to the Desktop, select the SWXVPNROOTCA.cer file and click Open.

25. Click Import.

26. In the dialog box, click OK to confirm the successful import of the Root Certificate.


27. The Root-Certificate swxcapprdrootca is now listed under the Certificates tab.


4.2 Setting Up a VPN Connection

1. In your Browser, go to the CVI – Common VPN Infrastructure Web page https://www.six-swiss-exchange.com/members/cvi/scap.html and log in with cvim01enr / vicarphing

2. On the CVI – Common VPN Infrastructure Web page, click on the link Private CVI VPN Homepage (via SSL connection).

3. A security alert is displayed. Click on the Continue to this website (not recommended) link twice.

4. In the Login window, type again cvim01enr / vicarphing


5. Click Login. The CVI – Private Web page will open. (This may take some time…)

6. On the welcome screen, type the certificate Username and Password provided in the secured email for the RTPM01 environment.

7. Click Enter.

8. After successful login, the Userpage opens. Enter a personally defined download password (for example MyPwd123456) and click Download.

9. Save the certificate by selecting Save as to store it in a directory of your choice, or select Save to store it in your Downloads directory.

10. Open the VPN Client: On the Certificates tab, click the Import button.

11. Select the option Import from File and click Browse.


12. Navigate to the chosen directory or to the Downloads directory and select your certificate file (*.p12, in this example it is RTPM012002.p12). Then click Open.

13. The imported certificate is now displayed in the Import Path: box. In the Import Password: box, type the password you have selected (for example MyPwd123456).

14. If preferred, you can protect the certificate and connection start with a new certificate password. Select a new password (for example MyNewCertificatePwd123456) and type it in the New Password / Confirm Password boxes.

Remember or note down this password because you will use it to start the VPN connection, and it is also needed to delete the certificate.

15. Then click Import.


16. A dialog box confirms that the import of the certificate was successful. Click OK.

17. The imported certificate is now displayed under the Certificates tab.

18. Click on the Connection Entries tab. Right-click on the SWX_CVI Connection Entry and select Modify… from the context menu.

19. You can also right-click on a Connection Entry of your choice and select Duplicate from the context menu.


20. Right-click on the duplicated Connection Entry and select Modify… from the context menu.

21. On the Authentication tab, select the Certificate Authentication option and select the RTPM01xxxx certificate in the Name box. (In this example it is 3 - RTPM012002 (Cisco).)

22. Also edit the Connection Entry: field to a name of your choice (in this example RTPM012002).


23. Then click Save.

24. Click the Connect button and type in the certificate password if requested to start the connection (for example MyNewCertificatePwd123456). Then click OK.

25. A dialog box is displayed and confirms that you have successfully connected. Click Continue.