Installation instructions for the supplier VPN solution We use IPSec/L2TP with EAP (X.509) user authentication. We use IPSec NAT Traversal according to IETF RFC 3193 draft-02. VPN traffic requires that your local firewall permits the following protocols / ports: UDP/500 UDP/4500 (If you use NAP/PAT in your local network) IP Proto 50, ESP Please note the following: If you have Cisco's VPN client installed, it will stop the service IPSEC Services, which is required for this and other IPSEC VPN connections to properly authenticate. Please stop any Cisco services and start the IPSec Services service by running services.msc Please follow the instructions below during installation of certificates, and setup of the VPN connection. Note that during the installation, you will need to install the same certificate twice, once for Current user and once for Local computer. Index How to import the certificate you have received from Helse Vest Open an MMC console Add the certificate Snap-in for user account and computer account. Import the certificate to Current User and Local Computer certificate store How to create a VPN connection to Helse Vest How to create a remote desktop to Helse Vest Troubleshooting How to check the certificate
How to import the certificate you have received from Helse Vest 1 Open an MMC console. Type MMC in the search field, hit enter. Add the certificate Snap-in for user account and computer account. 2 In the MMC console click File and select Add/Remove Snap-in. In the Add or Remove Snap-in window select Certificates and click Add >
3 In the Certificate snap-in window, select My user account and click Finish 4 In the Add or Remove Snap-in window select Certificates and click Add > 5 In the Certificate snap-in window, select Computer account and click Finish
6 In the Select Computer window, select Local computer and click Finish 7 Click OK on the open Snap-in window Import the certificate to Current User and Local Computer certificate store. 8 Click the arrow in front of Certificates Current User and Certificates (Local Computer) to expend the view so that you can see the folders under each store.
Right click Certificates or Personal if you don t got the folder Certificates. 9 Select All Tasks (don t click) and select Import (click). In the Certificate Import Wizard click Next > Click Browse 10 In the Open window, change the file extension to *.pfx 11 Browse to the location where you have stored the certificate that you have received for Helse Vest, it should be in the format ext_xxxx.pfx. Select it and click Open. Click Next > on the Certificate Import Wizard
12 Type in the password you have received from Helse Vest IKT for the certificate import. Click Next >. 13 Select the certificate store Personal Click Next >. Move the certificate ihelse.net Issuing CA1 to Intermediate Certification Authorities. 14 Move the certificate ihelse.net Root CA1 to Trusted Root Certification Authorities. You move the certificate by left click it, hold the mouse button down and drag the certificate over to the folder.
15 When you get a warning box, click Yes Repete step 8 to 15, for the Local Computer certificate store. And move the certificate. 16 Move the certificate ihelse.net Issuing CA1 to Intermediate Certification Authorities. Move the certificate ihelse.net Root CA1 to Trusted Root Certification Authorities. How to create a VPN connection to Helse Vest 17 Click the network icon on the taskbar and the click Open Network and Sharing Center.
18 In the Network and Sharing Center window click Set up a new connection or network 19 Select Connect to a workplace and click Next 20 Select Use my Internet connection (VPN)
Type in vpn-terminering.ihelse.net in the Internet address text box. 21 Type in Helse Vest supplier VPN in the Destination name text box. Mark the box Don t connect now, just set it up so I can connect later. Click Next 22 Click Create 23 Click Close
24 Click the network icon on the taskbar. Right click the network Helse Vest suppliers VPN and choose properties. 25 In the properties window, click the Security tab. In the properties window, click the Security tab. 26 Change Type of VPN to L2TP/IPSec. Select Use Extensible Authentication Protocol (EAP), under Authetication. And change to Microsoft: Smart Card or other certificate..
Click Advanced settings under Type of VPN. 27 Verify that Use certificate for authentication is selected and clear the box Verify the Name and Usage attributes of the server s certificate. Click OK 28 Click Properties under Authentication. Select Use a certificate on this computer and verify that the box Use simple certificate selection is checked. 29 Check the box Validate server certificate. Clear the box Connect to these servers. Check the certificate ihelse.net Root CA1. Click OK.
30 Click OK. Click the network icon on the taskbar. 31 Click the network Helse Vest suppliers VPN and choose Connect. You should now connect to Helse Vest.
How to create a remote desktop to Helse Vest 32 Type in mstsc in the search box and hit Enter. 33 In the Remote Desktop window, type in ekstern-rdp.ihelse.net in the Computer field. Save the Remote Desktop Connection to your desktop.
34 If you need to transfer files between you and Helse Vest select Local Resources and click More under Local devices and resources. 35 Select the disk you have the files on and click OK. 36 Double click the RDP connection to connect to Helse Vest. In the log on box, type in the username and password that you have received from Helse Vest IKT.
How to check the certificate Troubleshooting From the MMC certificate window, dobble clikc the certificate. Verify tha the certificate got a private key Click the Certification Path tab, and verify that the certificate chain is ok.