ASX VPN Access - ASXOnline.com

ASX VPN Access – Service Overview Version 1.3 Date: 26 April 2012 ASX VPN Access -Service Overview –Version 1.3 – April 2012 ASX VPN Access - Service Overview Table of Contents: 1. Introduction ..................................................................... 3 2. Current ASX VPN Providers ........................................... 5 3. ASX access into the VPN’s .............................................. 6 4. Support ............................................................................. 7 5. Security ............................................................................ 9 Appendix 1 – VPN services Bandwidth requirements: ........................10 Appendix 2 – Network overview ........................................................... 11 Appendix 3 - Server Configuration Details ........................................... 12 Appendix 4 – VPN Setup Information Sheet: ...................................... 12 Appendix 5 – iVPN Setup: ......................................................................14 Appendix 6 – Voiceline Setup: ...............................................................16 Form 1 – Voiceline over Internet Connection ...................................... 17 ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 2 1. Introduction ASX has enabled access to the ASX Trade test systems, CHESS and a variety of Market Information products via third party Virtual Private Network (VPN) providers and, under limited circumstances, Internet based VPN’s (iVPN). All applications made available reside within an ASX managed network infrastructure, ASXs’ E2 network, that provides local and cross site redundancy as well as enhanced application delivery to the subscriber via network application switching technologies. This ASX network acts as a secure portal for the various VPN carriers that allow its customers a varying choice of connectivity methods for access to ASX content. Within this delivery model, the ASX participates as a content provider. The VPN carrier networks themselves are delivered and managed by third parties who are responsible for installation, availability and the rectification of any issues within the VPNs. See diagram in Appendix 2 for overview. Parties who connect for the purpose of gaining access to ASX services contract directly with the network provider for the delivery component of the service. A separate agreement for the right to receive and use the data is entered into directly with the ASX. The following ASX systems and content is currently available over the VPN’s: o o o o CHESS Market Information Products, including ComNews, MarketSource, ReferencePoint, Signal B and the ASX24 ITC datafeed, ASX Voiceline External Technical Test Environments including: o ASX Trade Participant Technical Environment(PTE) for functional testing only o DCS Member Test Environment (MTE) o CHESS Test Environment o ASX Trade 24 Test Environments The size of the VPN connection is dependent on the content the customer is subscribing to. The ASX has set minimum bandwidth requirements for the various services. This is shown in Appendix 1. The supported VPN providers may also have additional non-ASX content available on their networks. This may allow subscribers to get multiple contents over one network connection providing economies of scale. If a customer subscribes to additional non-ASX content, the size of their connection will need to be scaled appropriately. It is important at all times to ensure that adequate bandwidth is allocated to ASX applications. All potential subscribers to the above VPN options must consider the most appropriate means of connection into ASX services. The ASX has worked with VPN providers to ensure that a range of redundant and non-redundant connectivity options is available. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 3 In addition to the carrier networks mentioned in section 2 of this document, ASX also provides access to an Internet based VPN, iVPN, for limited purposes as outlined below. This can be used for accessing the ASX Trade Functional and ASX Trade24 Functional test environments; to subscribe to a limited number of Market Information products; and for CHESS connectivity in limited circumstances. DCS test environment connectivity is also available. iVPN use for CHESS Production connectivity Use of iVPN for CHESS connectivity is subject to the following conditions: 1. Primary Internet access is not allowed for Payment Providers or Registry participants. 2. ASX Account Participants that sponsor HIN’s only may use iVPN. 3. Primary Internet access may be approved for Clearing and / or Settlement Participants that settle less than 1% of market value and volume. Written applications for approval must provide details of back-up arrangements and the operational impacts on the Participant in the event internet services are unavailable for any reason. Applications should be addressed to the General Manager, Clearing and Settlement Operations and emailed to Market Access at the address below. There may be situations where permission to use Internet VPN where a Participant with once less than 1% of volume and value has grown such that they are now above the threshold, or in the event that the Internet becomes unstable or has an increased threat of instability we may want to withdraw permission 4. Participants must upgrade to a VPN access service if directed to do so by ASX in the event that their activity exceeds the levels specified in condition 2 above. 5. All customers can establish Internet based CHESS access arrangements to meet their BCP requirements. 6. There may be situations where the above requirements cannot be met, these should be discussed with Market Access. Further information is included in the CHESS External Interface Specification – section 10 iVPN use for ASX Trade test environments connectivity If a customer wishes to use Internet VPN access for functionality testing for ASX Trade or ASX Trade24, a procedure document can be obtained from Market Access. ASX Net use for connectivity to VPN Services If a customer wishes to use ASX Net to access services delivered over VPN carriers details can be obtained from Market Access. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 4 For further information regarding VPN access to ASX services please contact: o Market Access 1800 663 053 MarketAccess@asx.com.au 2. Current ASX VPN Providers ASX currently supports access via the following VPN providers. Diagrams showing client connection options are shown in appendix 2. Optus Product Name: eFinity (Not provisioning new services) Connection Options:  Frame relay with single router  Frame relay, single router with ISDN back up  Dual frame relay, dual router. Primary Sales Contact – Marko Nakomcic Direct +612 8082 4135 ,Mobile +614020299 52 Radianz Product Name: RadianzNet Connection Options:  Dual lines (Leased line – DDS), Dual POPs, Dual  Dual lines (Leased line – DDS), Single POP, Dual  Single line (Leased line – DDS), Single router Primary Sales Contact- Adam Bradley; ph: +61 2 9269 1062 and +61 404 482 523. Telstra Product Name: IP Evo Network (formally ASX COIN) Connection Options:  Frame relay with single router  Frame relay, single router with ISDN back up  Dual frame relay, dual router  Frame Relay and ISDN backup, dual router  Telstra IP Evo ADSL/BDSL, single router Primary Sales Contact – David Wilson; ph: +61 2 8576 3749 Mob+61 429 600 232. IPC Primary Sales Contact – Bryan Keough; ph: +61.2.9240.5500 and +61 411 10 6171 Internet based VPN’s Product Name: iVPN ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 5 Subject to the conditions detailed in Section 1, ASX offers a VPN solution based on secure Internet connectivity. This service is accessible via an ISP connection of the subscriber’s choice. It requires the use of a Cisco 3000 VPN client running on a host computer. Current platforms tested are certain Windows versions, Solaris, Red Hat Linux and Macintosh. All VPN connections are secured via triple DES encryption. Service levels are dependant on the contracted ISP access method; the ASX employs redundant VPN Concentrators and ISP links to ensure high availability within its delivery environment. Connection Options: Customers choose how to connect to the public internet. These may include:  Dialup Internet  ADSL Internet  Cable Modem Internet  Ethernet Internet Service  Corporate Internet connection For further information regarding iVPN access to ASX services please contact: o Market Access 1800 663 053 MarketAccess@asx.com.au 3. ASX access into the VPN’s Redundant connection into the ASX primary and backup data centres is catered for within each VPN access method. In the event of VPN link loss to the ASX production site, all production traffic will be redirected via alternate connections back to ASX production hosts. This mechanism is consistent across all available VPN access methods; the end subscriber is not required to perform any reconfiguration action in terms of target hosts etc within this failure scenario. In the event of the loss of ASX production hosts, and in most cases the failover to alternate hosts is handled automatically via smart network application switching within the ASX network infrastructure and the customer does not have to connect to another IP address. There are very few systems that may require some manual process, these typically include the various application test systems and most of these do not have a backup system regardless. (customer target IP addresses are listed in appendix 3). The requirement to do this will be communicated at the time by the relevant ASX business units where appropriate. Once connectivity has been automatically established, Signals users may enter their original username/password details and rerequest data from the last sequence number. CHESS subscribers may establish a CHESS session in the usual manner. In the event of loss of the primary data-centre, ASX technical staff will be required to perform certain reconfiguration activity within its processing environment, again ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 6 where appropriate. However on all production systems the customer will connect to the same IP address as previous and re-enter login credentials. Notification as to the availability of services following reconfiguration activity will be managed via the respective ASX business units. 4. Support Setup Support All installation and configuration requests for Carrier Based VPN, iVPN, and Internet connections are managed through Market Access (8am to 6pm Sydney time):  Market Access 1800 663 053 MarketAccess@asx.com.au Individual Subscriber issues If a customer is having a problem with their ASX “content” over the VPN, the following process should be used:  Contact the relevant ASX Help Desk; this will determine if the problem is application or network related:  Market Access (ASX Trade Test, Market Information, ASX Trade 24 Test, ITC, etc ) 1800 663 053 MarketAccess@asx.com.au  Clearing & Settlement Operations 1800 814 051 CHESSHelp@asx.com.au If the problem is content or application related, the ASX will work with the customer to resolve the issue. If the problem is network related, while the ASX will help facilitate the resolution of the issue, subscriber-end network issues need to be resolved between the customer and VPN provider.  If a customer receives content from multiple providers over their VPN connection and is having issues with all of their content, the customer should take this up directly with their VPN provider as it is highly probable that the issue is network related. Support arrangements, contact numbers etc. should be obtained directly from the customer’s VPN providers. Broader VPN issues The ASX has a regular review process with each VPN provider. The purpose of this meeting is to examine issues and discuss performance within each VPN environment. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 7 The ASX will be informed of and will react to issues that affect the delivery of its services to its subscriber base- this will be addressed within the monthly review process and on an ad-hoc basis as required or as dictated by the severity of an event or outage. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 8 5. Security The ASX treats VPN’s as un-trusted environments and use firewalls, Network Address Translation (NAT), network application switching techniques such as server load balancing, and network switch policies as well as routing control policies to protect against unauthorized connections. The basic rules employed are:    Only known Client source addresses (NATed addresses) can connect- all others are dropped. Only known/valid ASX destination addresses are accepted. Tightly defined destination TCP/UDP ports only allowed, all other ports are blocked. Additional security is provided by the applications:   Client Usernames are tied to their source address. TCP ports are bound to the application. IPSec is currently available across the public network (www) and also the ANNI network as part of its network architecture. IPSec is chosen as the framework of open standards for defining the rules for secure communications and due to the nature of the delivery mediums used in these two differing networks it is important that IPSec and associated set of rules defined by ASX be used between customer and ASX applications. For internet VPN connections, security is provided by triple DES encryption coupled with application(s) security as mentioned above. VPN client software is also certificatebased (ASX managed). The ASX strongly recommends that all Clients also treat any VPN as an untrusted environment and to protect themselves appropriately. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 9 Appendix 1 – VPN services Bandwidth requirements: Service Name Bandwidth requirement (Kbps) Prod / Test Shared / Dedicated Signal B MarketSource (Equities only or Derivatives only) MarketSource (Equities and Derivatives) 64Kbps Prod Shared 1024Kbps Prod Dedicated 2048Kbps Prod Dedicated ReferencePoint (old Signal E) 64Kbps Prod Shared ComNews 256Kbps Prod Dedicated CHESS ASX24 ITC Market Data feed (Futures markets) 64Kbps Prod Shared 512Kbps Prod Dedicated Voiceline 64Kbps Prod Dedicated ASX Trade PTE ASX Trade 24 AOEI Functional Test ASX Trade 24 Upgraded AOEI Functional Test 128Kbps Test Shared 128Kbps Test Shared 128Kbps Test Shared Comment Can be shared with any other service of the same or greater bandwidth Bandwidth must be added to current configuration Bandwidth must be added to current configuration Can be shared with any other service of the same or greater bandwidth Bandwidth must be added to current configuration Can be shared with any other service of the same or greater bandwidth Can be shared with any other service of the same or greater bandwidth Bandwidth must be added to current configuration or preferably a Voiceline PVC required Can be shared with any other service of the same or greater bandwidth. Can be shared with any other service of the same or greater bandwidth Can be shared with any other service of the same or greater bandwidth. With the exception of Signal B and CHESS, combining any of the above services requires combining their respective bandwidth. Some examples are below (however production criticality of a service, must be taken into account): Service combinations Comments Signal B and CHESS 64 kbps Minimum Bandwidth requirement (Kbps) 64 Signal B and MarketSource 1024 ReferencePoint and ComNews 128 Although MP is dedicated, Signal B is low usage Reference point is low impact Signal B, MarketSource, ReferencePoint and ComNews 1280 + MarketSource, and CHESS 1024 ASX VPN Access -Service Overview –Version 1.3 – April 2012 Both items can be shared Need next carrier available bandwidth. Page 10 Appendix 2 – Network overview The following diagram shows the provides a basic overview of the ASX E2 VPN environments and the various associated VPN delivery infrastructures on offer by ASX itself and third party suppliers. ASX customer OPTUS eFinity (MPLS) - BGP PE Router IP VPN carrier CE Router ASX customer IP VPN carrier CE Router Content Provider (ASX) E2 Infrastructure Telstra IP Evo (MPLS) - BGP ASX customer PE Router Sydney Applications CHESS SD BIG-IP IP VPN carrier CE Router Redundant circuits between ASX and Carriers 3 5 7 9 11 13 100/10 2Link/Act 4 1 6 8 10 12 14 15 17 19 21 23 18 20 22 24 Console Link/Act 25 16 Tx POW ER 26 Rx FAN 27 Tx ITS Test beds 29 Managem ent Rx AS2424E Si ASX customer RadianzNet (BGP/OSPF Routed) Market Info : SigB/ReferencePoint/ MarketPoint/ITC Market Data Si PE Router ASX E2 VPN Core networks ASX customer ComNews Si ASX customer Si IP VPN carrier CE Router 3 5 7 9 11 13 100/10 2Link/Act 4 6 8 10 12 14 15 17 19 21 23 18 20 22 24 Console Link/Act 25 16 Tx POW ER 26 Rx FAN 27 Tx 29 Rx Managem ent AS2424E SD IPC (BGP Routed) ASX customer BIG-IP PE Router ASX Internet VPN users (Cisco VPN clients - IPSec) 1 ASX Internal Systems Bondi Uecomm ISP 1 3 5 7 9 11 8 10 12 13 15 17 19 21 Console 23 Link/Act 25 100/10 2 Link/Act 4 6 14 16 18 20 22 26 27 29 24 Tx POWER Rx Tx Management Rx AS 2424 E FAN 1 3 5 1 3 5 7 9 11 8 10 12 13 15 17 19 18 20 21 1 3 5 7 9 11 8 10 12 13 15 17 19 18 20 21 6 6 14 16 22 16 22 26 27 Rx Tx Rx 26 27 Tx POWER 1 3 Rx Tx 1 3 15 17 19 18 20 21 Console 23 Link/Act 25 14 16 22 AS 2424 E 7 9 11 8 10 12 13 15 17 19 18 20 21 Tx POWER 16 22 27 Rx Tx 29 Rx Management AS 2424 E FAN 5 6 7 9 11 8 10 12 13 14 15 16 17 19 18 20 21 22 Console 23 26 27 ASX 29 24 Tx POWER Rx Tx FAN Rx Management AS 2424 E Console 23 Link/Act 25 14 26 24 Link/Act 25 100/10 2 Link/Act 4 Management Rx FAN 5 6 13 12 29 24 100/10 2 Link/Act 4 11 10 Management AS 2424 E FAN Console 23 9 8 29 24 Tx POWER Link/Act 25 100/10 2 Link/Act 4 14 6 Console 23 Link/Act 25 100/10 2 Link/Act 4 7 ASX Production Internet 100/10 2 Link/Act 4 World Wide Web (www) Telstra ISP ASX Voiceline 26 27 29 24 Tx POWER Rx Tx FAN Rx Management AS 2424 E ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 11 Appendix 3 - Server Configuration Details The following table shows TCP/IP addressing and port numbers required for connections for the various services on offer via the ASX E2 VPN portal. Environment Optus eFinity Addresses ** Radianz IP Addresses Telstra IP Addresses Port Comment Chess Production 203.202.49.2 206.190.104.213 29.8.1.2 203.4.179.22 N/A 4200 Primary and DR (DR use same IP address as for Primary) Chess Unscripted Test (XP1) 203.202.49.19 206.190.104.215 29.8.1.3 203.4.179.23 N/A 4207 No DR Chess Performance test (Test 9) 203.202.49.19 206.190.104.215 29.8.1.3 203.4.179.23 N/A 4208 No DR Chess Accreditation (Comm test) 203.202.49.19 206.190.104.215 29.8.1.3 203.4.179.23 N/A 4209 No DR Chess XP2 test service 203.202.49.19 MarketSource Service 203.202.49.8 206.190.104.215 29.8.1.3 203.4.179.23 N/A 4210 206.190.104.217 203.4.179.85 203.4.179.85 N/A 15024-15025 6004 (FIX) ASX24 ITC Market Data Service (Futures markets) 203.4.179.33 67.56.199.70 203.4.179.33 203.4.179.33 N/A 2212 Primary Sydney ASX24 ITC Market Data Service (Futures markets) 203.4.179.34 67.56.199.72 203.4.179.34 203.4.179.34 N/A 2212 DR Bondi ReferencePoint 203.202.49.1 206.190.104.218 29.8.1.12 203.4.179.25 N/A 15000, 15002 Primary and DR (DR use the same IP address as for Primary) 15000- Signal C 15002 - Signal B ReferencePoint Test 203.202.49.21 206.190.104.220 29.8.1.9 203.4.179.27 N/A 15005-15008 Test Server ASX ComNews Server 203.202.49.5 206.190.104.221 29.8.1.5 203.4.179.80 N/A 20-21 Primary and DR (DR use the same IP address as for Primary) ASX DevQA ComNews test service ASX Trade FTE 203.4.179.83 206.190.104.222 203.4.179.83 203.4.179.83 N/A 20-21 No DR 203.4.179.122 206.190.107.242 203.4.179.122 203.4.179.122 N/A 15024-15027, 6003-6004 15024-15027-ITS API ports 6003 - FIX order 6004 - FIX Market data ASX Trade ETE 203.4.179.121 206.190.107.241 203.4.179.121 203.4.179.121 N/A 15024-15027, 6003-6004 203.4.179.141 N/A 15024-15027-ITS API ports 6003 - FIX order 6004 - FIX Market data 6005 - 6006 ULLink FIX Port allocated by ASX on a per customer basis ASX Best Test *Internet iVPN IPC Addresses Addresses DCS Participant Test environment 203.4.179.201 67.56.199.76 203.4.179.201 203.6.252.22 N/A ASX Trade24: Gateway Functional Test 203.4.179.160 67.56.199.81 203.4.179.160 203.4.179.160 N/A Voiceline 203.4.179.169 67.56.199.82 203.4.179.169 N/A 203.4.179.169 TCP dst port 2002520240. TCP src port 20024, 20222, 20240 Port allocated by ASX on a per customer basis UDP 5555 UDP 4444 ** OPTUS are currently not supporting new eFinity services. ASX will provide updated OPTUS information when OPTUS provide ASX with the required details. ASX Net services uses ASX’s public IP addresses (see Internet VPN column above) ASX VPN Access -Service Overview –Version 1.3 – April 2012 No DR 6004- FIX Market Data Audio Stream to customer UDP port 5555 Port Forwarding required Heartbeat to ASX UDP port 4444 Appendix 4 – VPN Setup Information Sheet: Please contact Market Access (1800 663 053 MarketAccess@asx.com.au) for any queries relating this form. Below required information is to be completed and returned to ASX Market Access. The information provided will the assist the ASX in ensuring sufficient bandwidth is in place for your VPN set up and that the correct services are configured and delivered over your chosen VPN. Note: Voiceline Subscribers see Appendix 6 Service(s) required: New VPN service. Change of service: ( Additional service. Removal of service.) Live Services: Signal B MarketSource (Equities and Derivatives ComNews ASX24 ITC Feed (Futures Market Data) MarketSource (Equities Only) ReferencePoint CHESS AIC: ____ Voiceline (See Appendix 6) Test Services: ASX Trade PTE FTE (Functional Technical Environment) ASX Trade PTE ETE (Enhanced Technical Environment) CHESS AIC: ________ DCS ASX Trade 24 FTE  Using the enclosed bandwidth table please calculate your required bandwidth: Kbps. Please take into consideration which services require dedicated bandwidth and which services can be shared with greater or equal bandwidth (if unsure please contact ASX Market Access for assistance). Service Provider details: Please provide details of your chosen VPN service provider: Radianz. Optus Efinity. Telstra (COIN). ASX Internet VPN (iVPN). This will enable ASX Market Access to provide you any additional support documentation that will help you setup access to ASX services Site configuration details: IP Addressing details: Please provide your VPN providers NAT address for your site. This includes internet static address for ASX iVPN services: . . . (This address is required to be provisioned on ASX servers and firewalls and is also required for fault finding purposes).  Please note any service access port numbers listed in Appendix 3 of the “ASX VPN ACCESS-Service Overview” customer information document will need to be provisioned through your sites firewalls. ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 13 Appendix 5 – iVPN Setup: Please contact Market Access (1800 663 053 MarketAccess@asx.com.au) for any queries relating the below form. Ivpn.asx.com.au is the ASX’s Internet based VPN offering for the delivery of ASX information and services. ASX services via the ASX’s secure internet VPN include: Live Services: Signal B ComNews Voiceline ReferencePoint CHESS AIC: _____ (See Notes) (See Notes) Notes: For Chess Production Services over iVPN (only available to Participants under limited circumstances), a formal application for approval by the General Manager, Clearing & Settlement Operations is required. The application is to be attached and returned to Market Access together with this Appendix and the Technical Access Agreement. Voiceline is provided over the internet, not over iVPN. Voiceline Subscribers see Appendix 6 Test Services: ASX Trade PTE (FTE) ASX Trade 24 FTE DCS ASX Trade PTE (ETE) CHESS AIC: ______ This VPN service is administered and owned by the ASX. For customers wishing to connect to ivpn.asx.com.au all that is required is Internet access and a PC to run the Cisco VPN 3000 Client software. The Cisco VPN 3000 Client software can be downloaded from an ASX FTP link. The client software will require the creation and permissioning of a digital certificate as per ASX Digital Certificate procedures. Should you be running firewall software or a dedicated firewall you will only need to allow TCP port 10000. To help assist us with your ivpn.asx.com.au activation please complete the below questionnaire and have the form returned to ASX Market Access (marketaccess@asx.com.au). A procedure document detailing the Cisco installation process step by step can then be requested from Market Access. VPN 3000 Client software and connectivity to ivpn.asx.com.au Your company name Technical contact details (Name, Email, and Phone numbers) Name: Email address: Contact numbers: Which ASX service do you require to receive via the ivpn.asx.com.au network? What type of Internet access do you currently have? What is the speed of your Internet connection? When calculating your requirements, please refer to the “ASX VPN Access-Service Overview” document available ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 14 from ASXOnline or ASX Market Access. What is the external IP address of your Internet access? i.e. the IP address facing the internet provider. Note: this must be a static address. . . . Will your Internet access be dedicated for ivpn.asx.com.au? Yes No What operating system does the PC which will be running the Cisco VPN 3000 Client software use? Are you running a firewall or firewall software between your Cisco VPN 3000 Client PC and the Internet? Yes No ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 15 Appendix 6 – Voiceline Setup: Request Order Form from Market Access (marketaccess@asx.com.au) Voiceline IP Streaming Customer Setup Streaming Voiceline is a new service ASX offering to customers for the delivery of Company audio announcements. The service is administered, owned by ASX and is offered over ASX approved VPN providers and the internet. Its delivery uses audio streaming technology over TCP/IP and requires the installation of a hardware decoder device at the customer premise. When ordering the service following must be taken into consideration:        If using a currently approved ASX VPN service, note that the hardware decoder device requires an Ethernet connection to receive the audio stream, but the output is via standard 3.5mm Audio out connection or RCA stereo line-out connection. If using a currently approved ASX VPN service, the bandwidth required for Voiceline (64Kbps) must be added to your currently provisioned bandwidth. If ordering a new ADSL service for Voiceline, a static IP address must be requested. Port forwarding to decoder device for UDP port 5555 must be enabled on the ADSL modem. If running firewall software or a dedicated firewall, you will need to allow UDP 5555 inbound and UDP 4444 outbound. Any new ADSL service dedicated to Voiceline should be installed near to where your Voiceline P.A. equipment is located. As the service is delivered over TCP/IP, if you are using an existing ASX VPN provider or and existing internet connection, there must be Ethernet connectivity to where the Voiceline P.A. equipment is located. To assist with your voiceline activation please complete one of the following forms based on your choice of network connection. Once this form has been completed, please return to ASX Market Access at Market.Access@asx.com.au What type of network connection will you use to receive Voiceline?   Internet connection – Use Form 1 – Voiceline over Internet Connection ASX VPN service - Use Form 2 – Voiceline over VPN Service ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 16 Form 1 – Voiceline over Internet Connection Use this form if you wish to use an existing Internet connection for Voiceline. The decoder device should be connected in the DMZ on the inside of the customer Internet environment. The device that terminates the Internet connection will need inbound port forwarding to the decoder and an outbound rule to connect to Voiceline. The Internet connection must have a static IP address to receive the Voiceline IP stream. The diagram shows the basic setup. The numbers correspond with the questions below. Voiceline Internet Scenario DMZ Internet Exstreamer connected into DMZ 6 5 Internet Router / Modem/ Firewall 7 Port Forward or NAT required on customer’s internet Router/Modem To customers P.A. Decoder Port Forwarding required on customer’s Internet device: Inbound port forward source 203.15.147.69 UDP port any -> dest <customer Public IP address> UDP port 5555 -> dest <customer Private IP address> UDP port 5555 must be forwarded as: source 203.15.147.69 UDP port any Outbound rule source <customer Private IP address> UDP port any -> dest 203.15.147.69 UDP port 4444 Diagram: Voiceline setup over the Internet 1. Company Details: Name: Address: 2. Technical Contacts: Name: Name: Email: Phone: Email: Phone: 3. Site Location (Details of where the decoder will be installed) Address: Floor: Cabinet: 4. Is the Internet connection new or existing? If new the following questions will have to be answered after the installation. New Internet Connection Existing Internet Connection ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 17 5. What is the external IP address of your Internet connection? This is the static address facing the Internet. See 5.on the diagram above. . . . 6. What is the internal IP address of your Internet on the DMZ? i.e. the gateway address to reach the Internet. This must be on the same IP subnet as the decoder. See 6. on the diagram above. . . . 7. What will be the internal IP address allocated to the Voiceline decoder hardware device on the DMZ? This must be on the same IP subnet as the Internet Device (in question 6). See 7.on the diagram above. . . . 8. Will your Internet access be dedicated for Streaming Voiceline? Yes No 9. What is the speed of your Internet connection? 10. Who is your Internet carrier? 11. Is there a UTP Ethernet connection available where the decoder device will be located? This must be patched through to the Internet DMZ Yes No 12. Can the decoder device be located near your Voiceline P.A. equipment and what is the distance between the two? Yes No Mtrs. 13. Has the port forwarding work been scheduled? What date will it be completed by? Yes No Date: 14. Do you currently have Voiceline? If so what Telstra line numbers do you have for all of your sites (line numbers are of the form NxxxxxxxP) Yes No Line Numbers: ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 18 Form 2 – Voiceline over VPN Service Use this form if you wish to use a new VPN Service for Voiceline. The decoder device should be connected in the DMZ on the inside of the customer’s VPN environment. The carrier’s router will need inbound port forwarding configuring to allow connection to Voiceline. The diagram shows the basic setup. The numbers correspond with the questions below. Voiceline VPN Scenario 6 5 VPN Network DMZ Exstreamer connected into Carrier DMZ Carrier Router 7 Decoder Port Forwarding required on Carrier’s VPN Router To customers P.A. Port Forwarding required on carrier’s router: Inbound port forward source 203.4.179.169 UDP port any -> dest <customer Public IP address> UDP port 5555 -> dest <customer Private IP address> UDP port 5555 must be forwarded as: source 203.4.179.169 UDP port any Diagram: Voiceline setup over VPN 1. Company Details: Name: Address: 2. Technical Contacts: Name: Name: Email: Phone: Email: Phone: 3. Site Location (Details of where the decoder will be installed) Address: Floor: Cabinet: 4. Is the VPN service new or existing? If new the following questions will have to be answered after the installation. New VPN Service Existing VPN Service ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 19 5. What is the external IP address of your VPN? This is the IP address that you are seen as by the ASX. In the case of Radianz, they will allocate a new NAT address. See 5. on the diagram above. . . . 6. What is the internal IP address of the VPN router? Ie. the gateway address to reach the VPN. This must be on the same IP subnet as the decoder. See 6. on the diagram above. . . . 7. What will be the internal IP address allocated to the Voiceline decoder hardware device on the DMZ? This must be on the same IP subnet as the internal address of the VPN router (in question 6). See 7. on the diagram above. . . . 8. Will your VPN be dedicated for Voiceline? Yes No 9. What is the speed of your current VPN? 10. Who is your VPN carrier? 11. Is there a UTP Ethernet connection available where the decoder device will be located? This must be patched through to the VPN DMZ Yes No 12. Can the decoder device be located near your Voiceline P.A. equipment and what is the distance between the two? Yes No Mtrs. 13. Have you contacted the carrier and requested subscription to Voiceline? What date will it be completed by? Yes No Date: 14. Do you currently have Voiceline? If so, what Telstra line numbers do you have for all of your sites (line numbers are of the form NxxxxxxxP) Yes No Line Numbers: ASX VPN Access -Service Overview –Version 1.3 – April 2012 Page 20

ASX VPN Access - ASXOnline.com

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib