https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114044#M142281 <HTML><HEAD></HEAD><BODY><P>Hello Philip-</P><P></P><P>Can you post screen shots of the live authentication event (both the first page and then the details). Also, can you post screen shots of how your supplicant (Machine client) is configured</P></BODY></HTML> Tue, 20 Nov 2012 19:18:37 GMT nspasov 2012-11-20T19:18:37Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114043#M142280 <P>Hi,</P><P></P><P>I am trying to get ISE to check if a computer is in a specific Active Directory group and then authorize based on that information.</P><P></P><P>I have connected ISE to Active Directory and successfully added the group domain.com/Users/Domain Computers and then under Authorization I have added the policy IF Any AND domain.com:ExternalGroups EQUALS domain.com/Users/Domain Computers Then PermitAccess.</P><P>It is the first rule in the list.</P><P></P><P>But this doesn't seem to work. The computer goes to the last Default rule. Did I forget to do something?</P><P></P><P>Regards,</P><P>Philip</P> Mon, 11 Mar 2019 02:48:43 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114043#M142280 Philip Vilhelmsson 2019-03-11T02:48:43Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114044#M142281 <HTML><HEAD></HEAD><BODY><P>Hello Philip-</P><P></P><P>Can you post screen shots of the live authentication event (both the first page and then the details). Also, can you post screen shots of how your supplicant (Machine client) is configured</P></BODY></HTML> Tue, 20 Nov 2012 19:18:37 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114044#M142281 nspasov 2012-11-20T19:18:37Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114045#M142282 <HTML><HEAD></HEAD><BODY><P>Hi Neon. </P><P></P><P>I can't show you exactly that at the moment since I did try some thing else before I went home. I made profiling based on if the computer hostname contains 'xx' and if it is a microsoft workstation. Then I made a new authorization policy under the AD one and saw that the computers hit the new policy.</P><P>But to my knowledge the client should still hit the AD policy first.</P><P>I have some screens from that (some names are in swedish, let me know if you want a translation of those). To me it looks like it hits the wrong Identity Store.</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/9/0/4/114409-ise1.jpg" class="jive-image" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/7/0/4/114407-ise2.jpg" class="jive-image" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/8/0/4/114408-ise3.jpg" class="jive-image" /></P><P></P><P>I don't have a screen of the supplicant at the moment. How should it be configured?</P></BODY></HTML> Tue, 20 Nov 2012 20:17:02 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114045#M142282 Philip Vilhelmsson 2012-11-20T20:17:02Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114046#M142283 <HTML><HEAD></HEAD><BODY><P>I did some changes to the Authentication Policy:</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/1/4/114412-ise4.jpg" class="jive-image" /></P><P>Before the Default part was set to Internal Endpoints.</P><P></P><P>Now it fails authentication with the following log:</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/1/4/114413-ise5.jpg" class="jive-image" /></P><P>So now it is actually checking AD but it is checking for User, not computer name.</P><P>Any ideas?</P></BODY></HTML> Tue, 20 Nov 2012 20:40:55 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114046#M142283 Philip Vilhelmsson 2012-11-20T20:40:55Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114047#M142284 <HTML><HEAD></HEAD><BODY><P>It looks to me like all the authentication log screenshots you have sent are when your switch is using mac bypass (mab), which of course won't work with AD authentication, unless of course you have the mac address of all your pc's in your AD (which you normally don't). </P><P></P><P>Basically you need to configure your windows supplicant for either wired dot1x peap or eap-tls and your switch also need to have dot1x in the "authentication order" and "authentication priority" commands on the switchport your pc is connected to.</P><P></P><P>Here is a few screenshots of how i did my testlab ise setup :</P><P></P><P>authentication rules :</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/0/4/114403-authent.png" class="jive-image" /></P><P></P><P>Authorization example, you could put this at the very top, just to make sure you don't have any broader rules that it can match further down in you rules.</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/4/0/4/114404-author.png" class="jive-image" /></P></BODY></HTML> Tue, 20 Nov 2012 21:01:56 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114047#M142284 jan.nielsen 2012-11-20T21:01:56Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114048#M142285 <HTML><HEAD></HEAD><BODY><P>Thank you. It seems that I had a knowledge gap on how this works. For some reason I believed that ISE would take the hostname of the computer and check if it excists in AD, without aditional config(.1x) on the host. </P><P></P><P>When I look in the switch log I see that 802.1x fails and it authenticates the computer on MAB. </P></BODY></HTML> Wed, 21 Nov 2012 06:55:41 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114048#M142285 Philip Vilhelmsson 2012-11-21T06:55:41Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114049#M142286 <HTML><HEAD></HEAD><BODY><P>Can anyone tell me if this can also be done to VPN clients?</P><P></P><P>We are using an ASA 5515X for incoming VPN using Anyconnect 3.1.02026 and NAC Agent v4.9.0.47</P><P></P><P>Would like to be able to restirct access to the network in general, or even specific network devices based on workstation group memebership or non AD member workstation.</P><P></P><P>(i.e. all corporate assets can come through VPN and get to all network resources based on their department, however, when contrators come through the VPN their systems are not in AD, therefore they can only get to specific systems on the LAN, or we have certain specific users that work from home using their personal system and we only want them to access specific systems on the LAN)</P><P></P><P>Thanks in advanced,</P></BODY></HTML> Fri, 15 Feb 2013 17:01:10 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114049#M142286 dirkmelvin 2013-02-15T17:01:10Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114050#M142287 <HTML><HEAD></HEAD><BODY><P> Hey Dirk</P><P></P><P>Have you tried in the authz policy, domain group not equal domain computers?</P><P>Using a not equal might solve your problem.</P><P></P><P>Thanks!</P></BODY></HTML> Fri, 15 Feb 2013 17:11:30 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114050#M142287 ccsipaul01 2013-02-15T17:11:30Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114051#M142288 <HTML><HEAD></HEAD><BODY><P>If you just want to authenticate VPN users through ISE you can use your existing ISE node but If you want to do CoA for VPN users then you have to use Inline Posture node. </P><P></P><P></P><P>Please have supplicant setting as follows for machine auth.... This can be an issue </P><P><IMG src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYAAAAHhCAIAAADoDf4XAAAgAElEQVR4nO29aVQTWb/one9nve/9cs9dT4OobT9rnbPWvfcs6dv2OfbT9z3POU87oKitdos4oOfpPp5+uqXbtrVtQXBgCHMISUgYjeDA5IAgGlBQZJ5CAigyyhzCPCPQi/dDVSo1J8AOSfD/W/+llZ1de++qSv3Yu5LaJSjMzip+kl2am1ORp6p4qqp8llv9LLc6P7f6WW6VMVTkqHxKjTxKVOSpKnKxeMKM8twn5arHWJSpcrAoJeLJI3KUPM6mRlbJ46ySx9mlT7JLnzwqUz0qV+VUqB5X5D6pzH1Slaeqeqqqeqqqfqqqfqaqfppb/UxV/dQYVXmqqjxVVe6TqtwnlblPKlWPK1WPK1Q5WJQ/eVT+5FH5k+yynKzSRw9LHz0seZRZkpVZknW/6OH9oof3Xj64+/JB+sv76YX3017cTX1xN/V5RsrzjJTn6XcK0m8XpN8uSLudn3YrP/VWfurNZyk3n925+exO8rM7yU9vJz+9nfT0VtLTWzfysLh5I++mMu+mMvemMjf5ujGSrquSElVJCaqkhCdJCU9uxD9WxuVcj81JjH2UGJOdoHgYF/0gVnY/RnpPLrkbHZURLc6QitKlonRJRJokIi0qnDsisEgVh+PBl5mxrsQY6UuMDKkID1kkM+4a4p5MfC+aGvIoWtzHQ4KHQvJAIXmgkGQqpJkKaWYMFrLMGNnDWNnD2OiHcdEP4+VZeCiyEhRZCYrshJjsxJjsxNhH17GIy1HG5Sjjc27EP76R8Dgp4XFS4pPkxCfJ15/cvK66qVTdVObeupF7+0bu7aS8O0l5d5KfpiQ/Tb35LPXWs9Rbz9Ju56fdzk+/U5CRUpCRUnA39fnd1Od3057fS3txL/3F/fTC++mFDzIKH2QUZt59mXn3Zea9l5n3ih7eK3p4ryjrflHW/eKsB3hkPyjJzsSi9NHDEiJyHpbmZOHxOKv0cTYRZU+yy548Klc9qsjNqcjNqch9jEVl3pMq7Cx4llv9LLcmP7cmP6+mAA91wVNDPDPG82e1PPEinyc0Lwo0Lwo0hTzxXPvyufbl8+mJ8T9uWH/y5Mlz584FBARIJBJBV2tLd1tLT3tr79u3vR1vezve6jre6joN0cEefUS8bTc/et+2GaOdFq206GmjRQs1SJnftvW9bSNq0b1t13W0k1rbrut4q8PSjY1p62s3Bl5OW2svUVFLc09Lc3dLc3dLU3czEW+68GjsamrsamrsxOJNY+eb18ZofN3Z+Kqz8VUHFq9fdbxuoMXb1w1vX9GinhztDXWk0LbVa9vqta11mhatpkVb26ytbdaom2vVTbU1TbU1TeqaN+pq3qgylWFp0bSEqMEbyR3NeKibNUuLFo26RUtELS1atZrWOlpoW+u1rfX4/myr17Y1YEHe2/Xtr4hoePuaFI0NHcRhbXzdgR/xxs43hk9CU2NnU2OX8XPypqu5qQv78LQ0deOfqObuluaeVnK04MH4kONBPzvopw/5899H/vx3vtV1vu3Ho4MjOrHQd60suunR195GCAhzEIuADrrs+Hq3yyHXXYf3uh7e6+q+z/XIvj0QEBAQK4xEhZzkoAJNIZuARgEAACzAkX179N2dICAAAKwAQ0AFICAAAFYJEBAAAFYDBAQAgNUAAQEAYDVAQAAAWA1MQLWF+bWF+eYKKDhMBkEOqxw5AFgDkAWEOcgsAS0CBkBAALBsaAKqLcwHAS0Nq/e/oOsH2C9H9u3Rd3XWvgABLZfgMNnCewkICFg5IKCVEhwmG3//AAEBSDAKCAsQ0FIBAQHAsqEL6MVKBNQs2irA2CpqxpJyTuEpp3LoeYyZGOScwt7LOWVccTHnlHHZPJpFW4k6iGVyIgqCw2Rj7x/z8/MgIGDloBSQ8czOOYXZhXBGs2grvpRzymARQyaGNMhyIjI1i7YuUT8cAkLN+3kegoAAJOACep5f+xyhgPCzndRnYTn/uZVAeSfnlGCrKIclL72/xfc6x7h86tTWraLmZtHWrSIRrXtG6p1hZbB06dgENEKmOmALvs6WgGosKe0EnnIijZ7HmIlB2gn6e8wUM6gO2EKsRSyTE5cFCAhAAkVAz1c4BDMOuIgRFPcAiqdLQn2rWbSVRQDGPhXWqWKTHc8QrFm0VWBcX4DrkmQiPA+5Ck4BDZHw/+QT/6qhoaGhodQTgk/8q4aGUk8ITqQODQ0NVfl/gi+lnsD+N2aiUuX/iUAgIL/DTDGXKmOLKMsrY25uDgQErBy6gJ6vQEAGBxAnN4+A2MdfrAJazDnF1gPBZMdyacnYp+EXEO0tlszUKrgFNEjC75NP/CoGBwcHByuwxRQPgUfKIDmFDEsS5ztseSv8PsG3GHuL73WKcdnD45NP/Coq/D75xM/PA0/EW2lcAy+DXuTg4ODgIAgIQAKLgMaXKyCSNbAzmGsIxmsflsyncjjXMDiCtT+1JAGRq6A3gE9DwWGyAQopHsT5Wo699EgxvkUsDwwMDAyU+32C5WLCfIs1xVBgiodHCrl8IjN5LVpiud8nAuP6gk/8ygdSPIgUYx5yFTggIAAJKAVEGcJQu0DG0UyzaCvNJaSRDlMchmvPjEzNolOUC06UL8xYSiaW+fo71GtY9Co4BdRKIuGw4HBCa2tr/iVngeBwgjGB/KbxpfOl/FZ28i85095kprQmHBYIBESZ+ZecKd1AQ0OItYhlbIH5FktmahUGpqenQUDAykEpIHO+hqcNlbaKmmluIWc4dYraK6EP4qiVMS4hE5mM3+lTL0LT+zvGIgXEVSHa9rAKqJmEs7NXHr6Y5+Xs7JUX7yZwiycn4O/GuwmML1igZOZIMRYlEAjc4lkzkBOJZWyB+Ra5UfTWCgTEhjQ3g4AAJBgE9AyFgNYMS/nJUXCYrImEm0DgFt/U1NTUlOe1WeAW39QU74anGBKwpc1eeaTVjO+RUqhZWFPc8ATsvXhj7awlE8tYdnKB+HK8G9EwQx5qFXipICAACSQBPXvfBUTqAC3hJ0fBYbJGMqqLm/FCNl9UYUmxh/CUQ7G0LEQ+1cXNhndpGbBUZgq1ZENl5HyG+rFM2Ct8+dChzZsvqlQXNxNtJJaNRWLrMKpobGxsbJyamgIBASuHKqBn77WAlkdwmKx+TSL/WvC1nOvNyclJEBCwco7s29Pf1UF+wioIaGkEh8m0a4jor4j+z1fR3NlAQAASMAGpnz8FAS2T4DCZ5v1jYmICBASsnCP79vR3dapfPMNihb+Efh8JDpOp3z9AQAASWIdgH613AgGZi9WnJYSAsP3AThamgNz3ufZ3dqgLnhIxBQICAAAhPAI6vNdV19lRnZ+HRU1B3tT4GAgIAABk8AjIbc9uXcfbyqcqQ+ROjY9tcgIBAQCACB4BHXJ16XvbXp77uDz3cUXuk4rcJ5NjY5uc1oGAAABAA4+Avtq1s6e9rfTJo9Inj0qf5JQ+yZkcG/1wnSMICAAANPAI6IDLjp72tqKc7KLHj7CYGBvdSAjI+7tj+/eDgAAAWD48Atq/Y3t3W+vLnIdYFOVkTYyObnB02O1+8ty5bzxcXL7zgR4QAAArgEdAX+7Y1t3WUpidWZidWZj9sDD7ISagLw6cPHf66EEXDx8YggEAsBL4BLR9W1dry4uszBdZmS+yM19kZ06MjoCAAABAhgkBtbW8yM58kf3wxaOHhY/wIdiBkzAEAwAABSavARU+elj46GFhTtbLnOyJ0dGNjg5wERoAADTwfgu2vae9tfhxVvHjrOLH2cW0b8Hga3gAAFYI/++AetvbsV8Alaoel6oeT46NWeF3QBEikTmBvF4AACwNj4C+3u3S19FenvekPO9JRZ6q4qlqctwav4SOEIkm2ZidnX337t309PTk5CQICADsEb57wVx36TrfVj7LrXyWW/Ustyo/zzr3gmECupelIkd5VW3CnecXAtNb2runpqYsKCDDdNBLfvw8F82Rn30WaYlH0dsEa3vrANSYdzf80+qCpzXWmo6DEFClugGLqtpXQ8Njbt8nfHEkSlVQOz09TRFQc+RnhqlDl3kuGM+inFPLLYOzzGWfossoYeWVLhUQELAU+OYD2uva39lZU/CspuBZTUF+zfP8qQkbEFC15tXbzt77T9TbjkT954VbfX062hCMpAye57abR3PkZ6i6PggFZNFVVggICFgKvBOS4VOy1r7Ir32RX/uiYNq6Amp409re2dPQ2DI+Menx840dx6RPX75qbmlhCIj2MNXIzz47dcrQKTI8BZHoJZFsRTx5JxI7i0gP4/ns1CmjiujdInqXi3wS4suk+k6d+uyzyEj6Uxmp7WmOZOShl9BMa3MOs+fHtooxzVAqszGM/XYqB1+N0Vri6bLGupmV4/uiOfIzVN1JYK3AIyD8sTyYfQoLagsLpifGP0I+J3RDew9/YAIqLq8uV7cm3ysbGh7OfdHg4hH97a+3ZmdnGxpe0QSEn5TEyUT+3ONPaSY/md4oCNIzWNl6K8RKPM8mxN5iERB1gWgdrjJGe1jyMIvi7p4Zn3tNW8X4lGp8ZdaKaPst55SAWGAthJRCqoi2h00IyOTHAMJegv0Ac2CGgAo0Lwo0L55rCp+jn5TenOZiAmp72/Hj5bQdx6Tq+s7/+u3O7pPyxwUN09PTLa1t7N+CYR6i6QA7h3JIf66JP/C0c49luISfVCz+of39Nykg2rvNvO3hKoE52GHthnCtgsmDtSLz6+UqhLlFJg8zsFZYkoNMCKi7E+v7aAoLNIUFiAVkZkMxAVWrNW0d/TuPy1xORO8+Kf+PX27OvpubnJzs6Ozk/ho+5xRdLgYBMU9d0wLCimP4h/yHnfUUNUdAPO0xU0DMZvCvYmkBwWDrPcZ8B5kUkMZgHysLqKSsQj84GhqTt+uE3PU/FA9UGuxHQL29vTQBfUYefNFOBsYgYtGY1dQQDM/FGEWQ8uASIBVm1AKRyHLOM9rDJSBKCRxt5quUbQi2VAGxD8HwNQ1VM/cwXAN6j0AsoJdYoB6CLUlAFZVVTU3N7Z39YTG5kQnPxiemB4eGBgYG+/v1NAHRxyGU4YA5F02Ji9DM73TY/7ITl4KJa71EYaQLxng2cgrtwpCJQRyzBHKbc1iawbsKlw0Z28pxGYuyPw11s7aNtIdBQO8FyATU1akpfK4pfK55+dzKAsKYmpp69+7d7Ozs1NQU+VfRfD9ERDgcQPerIABYwyDsAWlfFmhfPtcWPdcWWU9AK7oXDJ2AeL7+AgCAAO0QjHCQdQQEAIB9gVJALws0L58bBDQBAgIAwARIBYTbpw56QAAAmAPib8GKsGtAL6AHBACAadAJqEvz8rn25Qtt0QsQEAAAZoFUQC80mICKQUAAAJgB4mtARS+0RS/qigtBQAAAmAbl74CKMAEVaotAQAAAmAHCIZj25Qvty8K64sK64pcgIAAATINYQMQQbBIEBACAKdALqLgQBAQAgFkgE1BPl7boRV1RYV1RYV3xSxAQAACmQdkDKnqhLSqsK35pfwKSSCQXLlw4AwBnzpw5c+bChQsSicSiHzkAA2UPqLgQG3/VlxTZk4CCQ0LEYrFOp1sAgIWFhYUFnU4nFouDQ0LM/Ag9e1F0P/vx3YePIPjjfvbjZy+KyLsOlYAGsCFY8cu6kpf1JXbVAzp//rxer5+bmxsHgPHx8fHxubk5vV5//vx5cz4/ObnPnr8sGRsft7Y27YCx8fHnL0tycp8Rew/xNaDiwrqSorpSu+oBnTlzZmFhwdqfecC2WFhYOHPmjDmfn3tZOePjE/Pz86yPBQfIzM/Pj49P3MsyzpWFsgdUXFhX8rK+tKje7gQ0Pz8/BgAk5ufnzRTQ3YePFhYWrH1q2w0LCwt3Hz4i9h46AXXjAiopsrNrQJiAmFsFvM+AgCyExQVUWlRfWjRjdwIaWTPUBG7ZElhj7VbYOyAgC2E5AdWXFGH2qS8rtrMe0Nzc3BBB6gnjozFOpA4hpypgy5aAKssVu+zyl1HCyiu1Vebm5taggDrz5fL8TquWZkEBGexTX1Y8MzlpZwIaHBwcHBys8N8iEHikDOKkeBiXkVHhv2WLf4Xlil12+ctY0ULbYgMgFlBnvtwPB6EBlsySlEFk5lrLtgTUU1daVF9a1FBW3FBWYn8CGhgYGBgY8N+yxb98gE65/xa8R+SRgr3c4uGxBXuNv+eRQkknpRjKw5eNZTFfYXn8PQwVMesnZeMs1sPDUIjAWBBnReStopRQPjAwMJBiyCLwSGE0g3UVln3FaIxtIGCDeBepgGrTjNqpTUurXeI5i47lCQhJaQYsJaDeHqwH1FBe0lBubwKanp5ubW1tbW39WOCe0EojwV2Ap+b7fCxwT2jN9/lY8LFPPvaOYeFjn3winVgp3+djQ0IrsWxMTHAnqsMS830+FrC0gNIWrAE8xZILwRrGXxGeh1kUvrmczWBZhXVfMSqyGWj2Ib81PT2NVEB069C7RJ35cmMeQ35jJuaJXptmWD8tP18uz89P8/PjWotUmR/RqaHVjpfgx1JKWpqcaCNjrU7+Zq6mgMqKG7AoL7U/ATU3Nzc3Nzs7ez9tpvLU25j41NtZcDieSKEtkHM2xx8WOHvHU9dlrkX5/JNKZraByEWriKsx5Hf5KzJrc9iawb8KbV/RGmYzEBtES0cqIIMtWPs+BtsYLYUvkbRF72tQdIUJwPCSuVZtGvGuMYWah1wC0V3jGYJhBRjXJVY13buzkIAGe3saykoaykoaykte2aOAmpqampqa3ATO3nlNFPK8nYm0PG9ngVs8kUJbIOdsinczCCiPVg5zgbUuciLRKmZF/MWyNIxto0xvDlsz+Feh7SuurbMBBAIBMxGtgIznLaEhZq/EaCJ6f4NuL5oRyC+Za9HeNejGRB6uBXKbSYLjkOuqC6i8pKGi9FWFvQloamqqsbGxsbFR5eUsELjFNuLEurnFNsa6GZJUXs4Ct9hGlZezs5cKe01eIF42NjbGugmwFENpKi9nAZEZTzSW3EhUT5TAlogXwl8suRB8mbci8lZQSiBVw9oMllW49xXX1tkqU1NTlvkWrDYNO+HJ4yN8sTNfnlZr8A/fFRZ+AdHWYhWQyTzMBWabKeWYqyELC6i0oRwX0EfrnexJQK8MPLlIGq8ciqEmHYrBXjpffMJcYFnTuKrzoUN45levYg4JBAKB88UnlMqwEgx5yGD5yYXwFUtKobSQqyLSMr0E0lqHYliawbsKdV/Rlm0elALCxMKhANp5nZaWZnhFGjqxlEgdglFFQF3LeAncUBcjD5eAiMtBrG02pKcxVMqDJQTkvs91oLenoRwXUEN5mZ0JaHJysn7l5FzYvPlCDoKCAOszOTmJrgfEHG4ZryETl3iZYmFbj+Ut7CJ0J89ahsqMdbEPpugawdYj1qK3mTIEM/MatEUEdHivQUAVpQ0VZQ0VZTNT9iYg7crJ/nXz5l+zERQEWB+kAgKMWEJAbnt2D/T21JeV1JeX1Bt6QJuc7EdAExMTGgAgMTExAQKyBJYQ0CFXl4HenrrS4rqykrrykvry0unJyU1O6+xDQOfPn+/s7BwcHFQDgFqtVqsHBwc7OzvNnA8IBLQkLCGgr3bt1Pf0aEuLsagrK5menPxwnaN9CCgkJEQkEnV3d08AwMTExMREd3e3SCQKMW9GRJgPyHwsNB/QAZcd+p6e2pJiTWmxpqxYW1YyPTm5kRCQ93fH9u+3XQEtLi4GBQWdP39+NWYbBuyB8+fPBwUFmfnhycnLf/6yZGJi0vITCto9ExOTz1+W5OTlE3sPiYD279iu7+nRlBZjgQlog6PDbveT58594+Hi8p2PDfeAAGCFPMp9di8rx+ozLtt+3MvKeUSaj3URkYC+3LFN32sQUFmJtqwUE9AXB06eO330oIuHjy0PwQAAsBZoBLR9m763R1Neoi0v1ZaX1pWDgAAAMANUAhro69WWl9WVl9VVlNVXlE9PTW5wdDhwEoZgAABwg+oa0EBfb11FWV1leV1leX1lxczU5EZHB7u5CA0AgFVA9C3Y9kGdrqG68lV15avqqtfVVTNTUxvt5Wt4AACsBarfAQ316xrV1Y211Y3qmje16pnpKbv5HRAAANYCiYC+3u0yrO9v0tQ2aWubtZpmrWZ2etpufgkNAIC1QHMvmOuukQF9S52mpU7bWq9trdfOTk/bzb1gAABYC1R3w48ODrQ11Le/wuPdzIzd3A0PAIC1QDMf0F7XsaHBt68b3r5uePv6VUfjKxAQAACmQTQh2Z6x4aGOxtcdb/CwJwFlmoflGgAA7y2opmQdGx7qbGok4t3szEf2Mid0ZmYmc5PGxsbGx8cnJiYmJyenpqZAQABgCVAJaHx4uKv5TVdzExZzs7N2Myk9U0A0+yxHQDqVUKjSWabBq1evOaVplJ6enp6enkrNCqqw1u4CrA0yAY0Md7c0dbc0d7c297Q227GAaPaZnp6enp4mC0joaYTzrOM5oyx6si2pcCIz11qmS9MoPVe2MSCg9xuUAmpt7mlt7mltsWMBjY+Pj4+PE+qZmZmZnZ2dnZ2lCIg4VXQqIZeD7EtAK8mw3K4PpQoQ0PsKKgFNjI70tLX2trX2trf2trfOvbMrAY2NjWEdH5p63hlgF9AitROB94qEKh13Ou01/V0yhrGNp6dSpRIKVSqlocvFXMuYwl4P1h6VoUR6KUql0JDLk7GWjq1CWgs9MYnQiie3mbTDWKqgCYj8kqsNnBuo1HA2GLA5EAoIU09ve1tfe5udCYg84JqZmSG8M2eAU0CLGqWnUoP/u7i4SDujGOnkBdZ3F4nXpBOX0tVirqVREu9y1UsugRg28QzBsAKM6xKrUvs7lG3BM+HZebqHrFXwC4jeBt4N5GkwYGMgFVBbb3tb39u2vrf2JiCafQjvzM/PmyUgcgcE6wKQzgr6JSOWzhHpXQz+E5K1LnJOc/JwLdA6NQbBscuEVWHY+c9zXYlZhekeELUN/BvI02DAxkAloMmx0b63bX1v2/vetvd1tM+9e2dPAiKPueZImBYQ1yUMnksbJi/9Mt9i1QfPu+bkYS7oVELymI5eDttZvVQBcVVh7vYa2sC/gTwNBmwMlALqaO/raNd1tOs63tqZgJj2mafCISBi3EEaBGEwB0fkt/A0tncZmUil0SolMH4VZTjBudpDXSYqYVgAL8eQrqQ4g7VYtiEYj3wZVdAFRB5OsbTBxAZyNhiwMdAJaEzX8VbX+VbX2aHr7Ji3LwGx9n04BeRJHkIYUtkHL2yXhw1/mqkXoRmXS0lvYRehdWxv4WsZLgcTl5M527NIOSvxlhjWIq4q4ymU4Q9LGznGhtSRJhX2KtjMRt0iRht4NpCnwYCNgVBA/Z0d/Z0d/V0d/V32JiB++9AEBAAAKlAJaGp8DFNPf1dnf1ennQkI7gUDAKuAVECd/d2d+u5OfXfX/Jz9CAgAAGuBTkDj+u4uzD4gIAAAzAK1gLr03V36HhAQAABmgExAE+MDPd1EzM/NgYAAADCBRXpAMAQDAMAcEN4N39PWQoQ93Q0PAIC1QCWg3vbW0sdZZY+zsZgcGwUBAQBgAlQCatFqHsZFP4yLzoqXZ8XLRwf0ICAAAEyATkC1D2KkD2KkmTGyzFjZCAgIAACToBOQ+oFCSjgIBAQAgGlQCahZq36gkBAOAgEBAGAahAK6r5AQDgIBAQBgGhAQAABWA62ACAeBgAAAMA0yAWlwAWEOGtGDgAAAMAVKAcmjCAeN6PtBQAAAmMA+BLSwsAAOAoA1RkN7z8LCgpmZzRKQwUGIBbRocBAEBMSaCfPtswQByaMsIiAAAN5nliAgeRQICAAAlJgU0D0QEAAAFsKkgO5Gi+8ZYkTf/9F6JxAQAABo4BGQ+z7XptqaDFlkhizyrizyriwSBAQAAEp4BHR4r+sbdXWaVIRFulQ0DAICAAAhPAJy27O7sabqTmRoijgsRRyWIg4f7tdtcgIBAQCACB4BHXJ1eV1deTM86FZE8K2IkFsRIUM63SandSAgAADQwCOgr3btbKgqvxEScCMkICk0MCk0cFDX9+E6RxAQAABo4BHQAZcd9RVlCYHXsEgU+g329W4kBOT93bH9+0FAAAAsHx4B7d+xXVteGut/GYu4gCsDfb0bHB12u588d+4bDxeX73ygBwQAwArgEdCXO7Zpy0oU13wU13wU13wV13wHens2ODp8ceDkudNHD7p4+MAQDACAlcAnoO3bNGUl8qs+ROhBQAAAIMRcAV3zUVzzxQR04CQMwQAAQIHJa0AxfpexiPW/MtDbu9HRYbUvQmeaB/J6AQCwNLzfgm2vqyiLD7waH3g1PvBaQuC1AfK3YKv2NXxmZiazcWNjY+Pj4xMTE5OTk1NTUyAgALBHTPwOqLJcGeyPR0iAdX4HxBQQzT4IBKRTCYUqHX8KKixX8krQKD09PT09PZWaJa5om5tjm60CGPAI6OvdLq+qKpLChElhwuSwoOTwoCFdnxV+CU0TEM0+09PT09PTZAEJPcmY9zFcuYDMz2+5kpePRmnmjiIgWmUhd6+wEBCQncB3L5jrrsaaqtuiEDwiQ4esci8YWUDj4+Pj4+OEemZmZmZnZ2dnZykCWsYn7z3vAelUwqV2fXgEhKpJIKD3AJN3w6dGhRMx3K9Dfze8ySlmMzMzx8bGsI4PTT3vDPAJSKcSClUqfISBn2c6lZDSRdKphEKlUkhLMZxgHJ0pyjtYfra6yJUZcy61ZI5y6HWxFKHUcOwEA4bRF1Es+4rklUgNVCrpJRsazL59JnYRY9colaTNJ46eoW1cTSV2mkZpshds9UmU11jw7WsGfPMB7XVtUtekSyLSJRHpEstMx2FOczMzM8kDrpmZGcI7cwY4h2CGMwr/oDOHGhqlp1KzqFMJDW/gi/gnGHt7EX+DdiIZSzV84lnq0ijJp9myS2Yth3O7jJnxwvh3grEBvCuyrsIs2dg80lZQto65ixi7gtIkXKnNcfwAACAASURBVGtKJVaQRkndISxNZbQBWDWW5CDeCcn2EBOSYYFYQGY2NDMzk2Yfwjvz8/MsAuIZTPH2Jox5PClCIUH+NGMdB+qZw6yLK8USJXNtMrlHwMy8yHras61ozioUw7L0zNjzM3cFKZvBN0oN1vUh/uXfRtbagVXBfAeZMyUrESP6/o9W/8GEmZmZ5DHXHIllCojU32E/mckCMtF/N5xmXFIgdzdoAlpSyVzlMLeRucnWERB1K7jaxrUrSIk6lVCpwSyEL5IHejzbqIEOkJVAKKB71DmhrfBk1MzMTKZ95qksWUCkD7cnM8X4B5Y08KGhUynJDtNwSYFkDkYHYQklc5bD2MbFRfaRlDkC4l+Rtgqjq0IzLGUrdKQVWXYR6zUsYx9QKSR0p1QqlcTVHZPbuPSv9wAErDUBsfZ9OAVE6c8TJ/Di4iLlc0m5xkkbkZFy0gdrxnYZr93if5u5pEC6yMt3UZm/ZJ5yFjmcwjGi4RUQ74pUsOYYLxIvshiWZeNYW8K2K/DyaRqh9QRNb6MZV6EB1Kw1AfHbhyYg24V0sdUmygEAy7DWBGTX94KROi4r0gaqcgDA0qwpAQEAYF+AgAAAsBogIAAArAYICAAAqwECAgDAaoCAAACwGiAgAACsBggIAACrAQICAMBqgIAAALAaICAAAKwGCAgAAKsBAgIAwGqAgAAAsBogIJyFhQW1Wp2WliYWi8VicVpamlqtXlhYQFP6sh/mZ2lMz/e6gnXNL9xG9s9K9gawLEBAi4uLixMTE8nJySqVamhoCHt82NDQkEqlSk5OnpiYoGUmzaNo5vmCaLZPS5weJqedXt5bZmbAsZnZUEFAqw4IaHFhYSEpKamjo2N6erq9vb2srKysrKy9vX16erqjoyMpKYnWDzJ+Rs08cXQ2POP5SiSCSkC2s39AQKsOCGhRrVarVKrJycmKioobN27cv3//9u3bCQkJVVVVU1NTKpVKrVaT81Mf5EB77p1QpcM/x4ZH9Jn9MD+dinjkoVLD9rAYY2+FLRvP6rTmLTJmVjaceKRk+gzM+JzTjM3UUfxBVTKpSWxVM+av5t8/rBtC3jPUZXpevmPEKIfWDOYeY+YxFmgDY0n7AQS0mJqaOjQ01NbWdv369YaGhtHR0Zqamri4uPj4+J6enqGhodTUVHJ++nMymE/L01Ef0cf/JAmKJoh58Nke1GAsnC0b5+rMh/lxPQGRBLESpfEcDyAj3qFNQU00iWdfmb9/+B/QyJzunvKwQ1PHiGP/GIph7LGlPtAR4AAEtCgWi2dnZ4uKipKTk1taWmpqap49e/b48WO5XF5VVTU7OysWi8n5uf8SGv74cZ0e9EdKcDyEizX/IuO0py3wpPM0j7kuc+tMbyZ+etOnwGfdXlohS9o/zHVZKzI+aYOt/8J6jFj3Bs9hMvNQAqZAJqBaOxdQaWmpXC5XqVR5eXkqlSo7O1sul9fW1s7MzEgkEnJ+vifVsKZYXUA8zSPnIXVYTDeGmqJReio1jEdw8G/vsvcPE85s1Ec2cq3CtYeJZph81iMIaLmAgBbv3LkzPDzc0dERHx8fGxv76NGj7OzsmJiYhISEoaGh4eHhO3fukPMzPluMp+VxDhDMewogWgGxPMzPeD7pyE9bJFVndJFxLMO7mTqVkPlQLVqBtLHMUvcP7wMaiQEXsUXUhx2aOkaURNYhGE3NS3ygI8ABOgHV3JNF2qWAampqcnNzp6amamtr4+PjFQqFQqGIj49vamqanZ3Nzc2tqakh52f/4JJHLpwCYr9yaWEBsQ2sDFd+jU9bFBouH5HTFxeJvEKVjncz2c45Zr2siWbuH64Cqe8YWs542CH/MWIeAtpAj/asRzMPJWAKEJDxa/iZmZn+/v7Xr183NjaOjIy8e/eO9Wt4gIX357IrPOsRKYgFJIu8J7M3AS0uLk5MTCQlJeXm5g4NDb179+7du3dDQ0O5ublJSUnMHyICTNb8WQnPerQQFhBQpP0JaHFxcWFhoaamJi0tLSIiIiIiIjU1taamBvo+AGBRQEAAAFgNiwhIFgkCAgDANAgFdFcqImJE3//ReicQEAAAfCARkPs+1yZ1dYYkgojhfh0ICAAAEyAR0OG9rm/U1WlR4USAgAAAMA0SAbnt2d1YU3VHFGKI0KF+3SYnEBAAALwgEdAhV5fXVZU3w4JuhgXdDAu+GRY8pOvb5LQOBAQAAB9IBPTVrp0NleXK4ABlCB6Dur4P1zmCgAAA4AOJgA647KgrL4sPvIaH8NpAX+9GQkDe3x3bv9/WBfT777/39vZqDdTV1fX29v7+++9oSreROY+ZrOSupWWva/W9Afdq2QxIBLR/x3ZtWUmM/2UiBnp7Nzg67HY/ee7cNx4uLt/52HYPaGZmpr6+vrGxsbOzs6mpqaWlpbu7u7Gxsb6+fmZmhpYZ5oReWXuYd5avOiAgmwGJgL7csU1TViy/ekl+zUd+zVd+zVff27PB0eGLAyfPnT560MXDx5aHYL///rtWq3379u3AwEBbW1tzc3NLS0tHR8fw8PDbt2+1Wi2tH2T87MKc0Ms4jcl7AwT03oNGQNu3aUqLo69cir7qg4U9Cai3t7eurq6vr6+5ubmtra2zs7PbwMjIyJs3b3p7e8n5qTPUwJzQZKPQlcwokLw3iOmiOQvnnLOZtEzfuCWVw5x2g3W2EPZDZpNjansDsYCuXIq+6kP0gA6ctIchmFar7ezsbGtra29v7+rq6unp0ev1w8PDg4ODAwMDer1eq9WS8zNm7YI5oTnmhDZRoKnC+aYuI2eDuZ/tGITXgBTXfLGI8b8y0Nu70dHBPi5Ca7XalpaWtra2np4enU43ODg4Ojo6MTExOTk5NDTEIiDOv5CGP4pcE5LRZ95a63NC8xdobuHU0ujrwtzP9g2ib8G2a8tLYwOuxAZciQu4Gh9A/RbMxr+G12q12MhrcHBwZGRkfHx8cnJyenp6enp6ZGRkYGCAqweEw/wU2pqAeJpHzkP0ocxpDDWFc05ongLNLpyv5fgbMPezvYLqd0D1leWJQX54BPsP9tnP74C0Wm1vb29fX9/IyMjk5OTk5OTMzMzs7Oz09PT4+Pjw8LAJAcGc0Hg2U3NCc1nYnH1Iz29sOcz9bNcgEdDXu10aqipuhAbeCA1MChUmhQkH7eiX0K2trW/evBkZGdHpdBMTEzMzMzMzM9PT06OjozMzM83NzdwXoQ3QBhqcAmK/omlhAbGNg1ZnTmjWAqkZzSucZU/D3M9rAzT3grnuel1deSsiGA9RiD3dC/b777/X1dV1dnaOj49jV3+wC0DT09NdXV11dXXIfo64hll7l2PX/CyztgGqu+Eb1VUp4jAi7Oxu+JmZmbq6uqampqGhodHR0fHx8bGxsaamprq6OuYPEQEma+ZshbmfVxk08wFRpuOISLPH+YCwWzHq6uqIuzFQ3ooBAAAbiCYk29NUW5MuFRExDDMiAgBgElRTsjbV1mTIIokY1vd/BHNCAwDAD8o5oWWRRMCk9AAAmAYEBACA1QABAQBiWltb79s56XezlhHL2FcgIABAzP3797u6uqzditUGBAQANsH9+/et3QQEFBQUDJtHQUHBIgho7aFUKpeUvuwC0cJay+pUbSOAgMwHBLSoVCrJpwftpcl1LdMovsKXV+mqKQC5N+2ONSygS77+ICDErERAFgUEZKesVQFdV97CAgSEEuzEYP67aJAR+SXXWkQ2k/lZc9Law6yXtViTzeN5yVO+yQzMFprTbFrLmRu+ZuAWkEZJn8PIdm86owno5cticoCAkMEjIFoeZgbWl6zl8OdkVmROISZz8hRrZo3LaBJXIxe5t3qNwSogfFYPyhRuhnSbVBBcA1pOK5cBjxS4/tTTli0tIFozeJpnUqDEWrSXrOWb3F7+FP5mrGE4e0CUqems/WgQU9iXgJpqazKkorvSNSQgfumw5rR0D8hk88wREJFiZublCYhWC1cz1iRLE5CtzmVSsBQWbUNAGVLRXanIXgVESzHnDF9lAZFTzPGjOYkmlbcSAXG9tbZNBAIyH+QCylgzAlpkjHFMuoB1gbUEnlORtgo5hb9wrgK51mLWyJXC1QD+LeVpGAgIhmAYFhGQ1K4EtJbgObGtfs5bvQGrhhkCsr+L0Db+LRhZQBlSEQjIOvCf5FZUwPtjn0X+b8GMX7zb2dfww7b9OyAQEADgrNUfIg7b8C+haQIaBgEB7y1rWEB2cQ0IBAS814CAzAcEBACIWTMCstOv4UFAwHsNTEhmPiAgAEAMTMlqPiAgAACsBggIAACrAQICAMBqIBQQ/dHMICAAAPhBJiB1TbpERMRwf/9H60FAAADwgkRA7vv2vFFXp0kiiBju13203sk+BJRpHpZrAAC8tyASkOsbdXVaVDgRdiYg5iaNjY2Nj49PTExMTk5OTU2ZEBB2l7OF5lVgFmuJinjK5K9u1WaTWHZFS1oR1eYse3+uPlZtDyoBNaqrUqPCibBvAWH2ef36dWVl5dTUFJuAdCqhcX5f6wiISGcuIKmFqzrzV0RS+8orWtLRsREBrbwZ5pdg/wI6vNe1sabqTmRoSmRYijgsRRxmlwIi394yPj7+4sWLvLy86enp6elpuoB0KqFQqSSOm3V7QJZWwCr0gFZBQJbIvLxyoAdEAqGAbotC7ohC70SG3okMHerXfbTe6eDBg99+++3Zs2d9fX3tSUDj4+Pt7e15eXmlpaWzs7Ozs7M0AWGHTKM09IGYXRLyVC+UdGIWKsosMKTJYkhS86Sm0VLwYo2pRiWyNUBFnX6GXiOr5liq416RVinbJpDaSq6Lmswsx7jTlUoh115inEMm248nEmV6KjXGzWEcEfLEYYYjz6ydedRMtYf2+VEpPT09lRp6Cml3cFfB2DTzSmA5gqsnJDQC2uP6urrqVkTIrYjQ26LQ26LQoX7dpvVOJ06c/OWXc/7+/lFRUTYtoLGxsbGxsZGRkbGxsdHR0ampqaKiomfPnnV3d7979+7du3dUARmOGGEgioA0Sk/aZHf47Hc6lVCpVOKTUXEdYjyvsZBFRrGmhmCMBuhUQmJdozWpNdIFxF0d+4qsW80owdgKplyIuUo5pgrUqYQk4XvilXJNbMrRflobSGXia3BtJssCs3bmUTNvfxrbxtxjtAPHXQVz08wswdh4K8wSi0RAbnt2v66uvBkejMWtiJAhHSagE2fPnvXz8xOLxTYtIOxic19fX3Nz89TUVHd3d35+fmlp6bt37+bm5ubm5igCopwtpF4A6wcL/6hiR1ipwbo+9A6QuX8e2VNoC8wGMNflr3GR+hHk7N/R/9KaqhSbA5BtAkDmtiwyDMRahScZ7szUPw+e7GeaRukpVGk4NhPPQP17QquddT+b3J8rTDHuRLZNM79Mnp1pSZAI6JDrrldVlclhQVjcDA8a0vVtclrnceLE2bNnr/n5Rdq4gLCvusrLy58+fTowMFBWVlZQUNDd3T1ngCwg2pHCRw28AtKphEoNZiF8kTEAI/XhV0FA/DUucp8wXCsyKyV3tejnOePzvWwBcf2h5t+BRBu4BMTcTEMOpcbQU2DWvgoC4tyrBNRNM6cE1g/AaoFEQF+7ujRUVShDApUhgTdCAm+ECAd1fR/akYCmp6dnZmZGRkby8/Pz8/MLCgpKSkqwwRdTQJTTAjucjL+x9EGETqUUEqeYUqlU0sfupE+7oZ8sZAw3qCmULgn5lGAbgnF/sumlUTaMkYFzRdYhGF1VSuY5TbTKOLzhHoKRq6aN8uhwtp/SBg2pISyHkrz/iRe0MRtvpfztIV+TMbe/w9irpP3DsmnmlMA4gqsJEgF9tculvrI8McifiMG+3g/XOXp4nDh79uy1a36RkbYtoJmZmdnZ2cnJyYaGBkxAnZ2d8/Pzc3Nz8/Pz8/PzZAGxnKi0g23sI5Gf/UT63DL+1BATlBsvJBuSOFOof5k9TV2Epv3ZpNfI/APIUR3nisytJrLiHUXja+bfWnwTVLwXoeljIo5EvvZT20DpzVL2FcsRIe8+rtqZR42rPaS1WQ4Bp4CYe5X5IWL0yvlLYDmCq3cZGomADrjs0JaXxQZcJWKgr3fjOkcPD4+fz569du2aKDLSpgU0OztLdHbq6+sbGhrmqcAvoVeEjT56b+lXW9n+eFiNle9VGzguSAS0f+d2TVmJ/JovEfreng2ODriALp46tn+/TQuIsA/GPAMQ0DIg/aG19seciyUKyAZOWAR71aaOCxIBfbl9W21psfSyNxGYgHa5efz881+Pu7j81yWRTQsI7gUDAKuARED7tn+hLikS+1yMwsL3Yn9P93qHD/6y3+Pn790Puhy/JLJhAQEAYC2QCGjvtr/UFBdFXvpNjIUPXUDeICAAAJig6QFt+4u6uEjs85vY5yIWmIC+PG4YgnmvVQFZ6dcTALA2QDcEK47y9Yry9ZL4ekkue+t7ejY4OBw/fvznn3+++pttX4QGAMBaoLkIvWNbbWmx7MolLKKv+mAXoXEBXb0aEbGGekDGX0vw/IZCpxIybwJkKYLzZlEAeB9A8zugndu15SUKP1+Fn6/C73KM3+WB3t6Njo7Hjx8/8/PPV65ejYiIWDsCYrnlj/3GS677P5d4sygArF2QCOigyw5teWlc4FUs4gOvDfT1frjO8fjx42fOnLly5cqaEtAyb/kj1ue/pwkuKgHvE8huxagoTxD6Jwr9E4P8rwf5D/b1fbhu3doU0OLiIv2WP64b/MgpxKogIAAwgOZm1N0uDZXl14MDrgcHKIMDlSGB2M2oxwwCCl9LAmK7m5HrBj9SirEAM24WXb2tAQBrgmo6joaqihuhgTdCA2+ECm+ECgd1fZvWrICYt/wtct/gt8gxbwPbDZDsmQFg7YJuPqCKpDAhEbiAjh376cyZy1euhIWHrx0BmcAW7hcCADsBzYyIrrvJE5Ilh+ETkh07duynn366fPlyWFjYGheQTd3gBwD2AggIAACrsQoC8gUBAQDACiIB7XpVVZEcJiSCIiBfXxAQAAAsIPwWjHkR+ujRoz/++KOvr29oaCgICAAAOigFFCokAgQEAIBpUP4OKAQEBADAUkAoIGVIoOG3iIFkAfn4gIAAAGADrYAIB2ECOnLkqKfnjz4+PiEhNiwgmBMaAKwFMgFVViiDA7G4EUII6Iinp6ePj09ISIhNC4i5SWNjY+Pj49gjm6empvgEZJs3T9hmq+yI1dmBhh+wWvbXqzb8YUD2ZFTDzajXgwOUIQHYzaiYgC5dumRnAqLZhyYgTyosj6BDcrxXWIgNf+aWxvI2hHWtJRXFM4cBJRP9KYlcDzFkY7Umf2K9G9E2Ph6WEND1YHsWEM0+09PT09PT9B7QKtw+CgLCQLghyAWkUwnJf39YXvJWR3/4tMWw4Q8Dquk46ivLE4MCiBjswwV02tPz0qVLwfYioPHx8fHxcUI92CObZ2dnTQqIMqGq4V3K5K3UdekTsNKzkl5THrhMTONhuI2efWpX0hxDGiWlejZ18lRufJw5c0NMroifkJQtJU1dS+QxtJn5Lq1EvnaQn4Jt2HxK4Wy7lHUnkBrGLyD6ZFDEa2JTeT4G5NsHDVNosh9KSn34/lRq8BXY9yq1fKWK4yNq1kfRsiAVEPXZ8E7r3I8cOX36tPelS0HBwTYtoLGxMazjQ1PPOwMmBESbUNU4Kytp8lbyuvQJWEl30JMnmcarwN/VqYRKJVaQRkmdB5ZlaldGG9hbztJORmP4NsTkiobKSJPW4mDZyW1mvsu2H+hbQc1uLJY2MS77vmUzC7kE1v1GSyIMREqgnOSse4++adyHkrLDDRV4Uqum7wjqgef7iJrxUbQklhWQu/vp06e9vb2DgoJsWkDkAdfMzAzhHeJhzeYOwUh/WHTErIm0+tgVQIY+SZDBN0oN1vUh/uWfWdHM2mntZGkMx4aYXJHyCTacK+RstImTFhnvLlKtwdxL5LaQ3Ew9EIxtZz18JhvGeRmFtGnk8vk/Bjztoe867vzLaDy5bWZ+FC0JMgFVlCdiU7IK/ROF/oN9vR+usx8B0exDfkj8CgSEwfj8mcjPkk2nEio12JmFL5IHengOtqldNcyLDJx//KmTzLLsJ1Ma4jtFF/GzVEPqE7GeA7R3WRfYwayM+2fJAmJWbUpAtFMVPzjkQ6bi/RjwtGepAlpS400KyPK9HjIIBZQg9CdiwL4ERB5zzZFYkYB0KiX9ZOJalzk+oXaidSqlkPjIKZVKJXF1x+TUrvROOqlY/HNLbyejMdwbYnJFY3Zyz59aO+ueNJ5Txgaz7SVqbUol7h/O85DoXTJ2Al/DGJtOH+Mwtg43Ds/HgJLAeyiZ+dm7WuT9Rm2e+QIytZORg1RAfkRgT8Vwd3f/4Ycf7EBATPvMU1nBEIxxNY91XR1j6GH4o0nXCG0CfI5RG+3DTT8NsXrwa7GMdtIbw7EhJlekdBKMlxootVPPNPq7tP3AtpcoO5bnaSXUohg7wUTDFmnbQi/Z0L8jJxqvqnA0md7x4TiUzPyMBZb9RmowpS9mQkDsH0XLYVEBHT7s/sMPP3h5eQuFti0g1r4Pn4AAc1j1/jxgd6B6LE9dRXm80I8Ig4AO//DDD15eXkKh0KYFxG8fENAyAQEBpgABwb1gAGA1EAloZ11FWbzwGhH2JCAAAKwFQgHFBV6LE+IBAjJgI8MQG2kGAFBBLKBAuoC+//77ixcvBgYGgoCsWvuym7GMElZeKfDegFRAV+MCr2IaAgEZWDMCsugqwPsKymtAgVcNgQvIzQ0XUEDAGhIQ6XcSQpUOP9+47+hjuROV9ssLY176DzFo5dN/5cdsBrVkUkFKJW8juTaEXgLxwyIiD70ZrKuw/ciF3hjgvQTdt2Bl8YHXDOFnEJCbQUABa0dARpi3U5J+e0a5KZRYhfVXi6Zv6eQ9S5k3T7L+Ys3kbYcseZhFUX9iy2wGyyq8d1qu1pQ4gG2C9F4wPyKwe8HWqICYv/dl/yU0KYW8LtuP382+pXMpzWBdWKTohrMiM371z94M/lV07PesgYDeW5BOSOZPBHY3/Np8MKGJ2ymXLCAMM2/pJCWabAbrAmt+nrbxC4jZDP5VQEAAFaSP5QkkApsT+uDBg99+++3Zs2d9fX3XkIBIZxxH14MyRxXjRqwl3wvKd1sQuRm0ksnVcfS8OCuijN3IJVCHYMxmsKxi1k2zwPsJmkcz79nN+mjmkydPnjt3LiAgQCKRrB0B8d21SCwbMjFnjCaGLObeC8pxijLvP2SUbMzGOgegWYM4ZgmktYi5gkxUynYRGgQELCIS0OG9rq+rK29GBBMxpOv7aL3T2hQQAACoQCigWxEhtyJCbolCbolChvp1ICAAAEyAREDu+1wba6pui0Jui0Jui0Jvi0JBQAAAmAaNgPa6NlZX3o4INgT0gAAAMAOU14DCgwwB14AAADADhN+CJYUGGkI4uIa/BQMAABWIfgfk0lBZfj3I/3qQ//WggOtBAYN9ICAAAExhgbvhr8YFXsXuBQMBAQDABxIBHXDZoS0rUVzzJULf27OREJD3d8f27wcBAQBAB4mA9u/YXltaLLviTYS+t2eDo8Nu95Pnzn3j4eLynQ/0gAAAYIBEQF/u2KYuKZL4XpT4XpT4ekl8vfp7ujc4Onxx4OS500cPunj4wBAMAAAmaAS0fZu6pCjK5yIRICAAAEyDTkDFuH18LxI9oAMnYQgGAAA3CK8BSS97YyG7cknf27PR0QEuQgMAwAeib8G2a8tL5Nd85dd85MxvweBreAAAWEH8O6CAK7EBV2Lhd0AAAJgDqjmhGyrLE4P9E4P8EoP8E4P84ZfQAACYBs29YK67XlVVJocJk8KESaGBN/B7weBmVAAAeEF1N3xjTdXtyNBbopBbEcFwNzwAAGaBaj6gN+rqlMiwlMjQO6Kw25EwIRkAAGaAaEbEPW/UNalREalR4alR4SniMBAQAACmQSKgI/v2NNWq06WRaVJRmkSUGhUx3K/7aMN6EBAAAHygElCzRn03WpwhFaVLItIkEcP9uj+CgAAA4AehgO5FR92VRWZIRelSEQgIAADToBJQi7b2vjzqXrQYc9Bwfz8ICAAAEyAU0AOF5J486m60OEMWOawHAQEAYApUAmrVajJjZPcVknvRUXdlYhAQAACmQSagOs3DWNmDGCk2EBsBAQEAYBKUAoqLzoyVPVBI78ujQEAAAJgGlYDa6rRZcfKHsdGZMbIHCgkICAAA0yATUL02K16eFRf9MFaWGSMFAQEAYBqEAsqOV2TFy7GB2MiAHgQEAIAJEAroUYIiOwF3EAgIAADToBJQe732UWLMo4QYzEGjICAAAEyCTEAN2pzE2EeJMY8SFNnxChAQAACmsYCAYrITUAtoYWEBHAQAa4yG9p6FhQUzM5sU0OPrsTnXcQchFtCiwUEQEBBrJsy3j/kCwhyEXkAAALzPmBJQ3ePrsbiDEmNGBwZAQAAAIMMMAcURDhodBAEBAIAO8wSEOwgEBAAASkBAAABYDbMFFPf4euwYCAgAAIQsRUBxICAAAFACAgIAwGqAgAAAsBogIAAArAYICAAAqwECAgDAaoCAAACwGiAgAACsBggIAACrAQICAMBqgIAAALAapqdkNUxIhk3H8dF6JxAQAABo4BGQ+z7XNuypGIYAAQEAgBIeAR3e69par81KUBAxOqAHAQEAgAweAbnt2d2irX0QKzNE9MiAfpMTCAgAAETwCOiQq0uzRn1PHnVPHnVPLrknl4zo+zc5rQMBAQCABh4BfbVr55vamjRpJBHD+v4P1zmCgAAAQAOPgA647GhUV98WhxMx1K/bSAjI+7tj+/eDgAAAWD48Atq/Y/ur6qpkUQgRQ/26DY4Ou91Pnjv3jYeLy3c+0AMCAGAF8Ajoyx3bGqorb4QH3QgPuhEefCM8eFDXt8HR4YsDJ8+dPnrQxcMHhmAAAKwEBB7TtQAAFt9JREFUPgFt39ZQVakMCyICBAQAAErMFVB4ENEDOnAShmAAAKDA9DWgiJCkiJCkiJBkUehQv26jowNchAYAAA2834Jtf62uuiUOuyUOu8X8Fgy+hgcAYIWY/B1QqlSUKhWlSkSp8DsgAADQwiOgr3e7NGnUGfKoDHnU3WjJXXkU/BIaAACU8N0L5rqrRVv7IEaGxf1YGdwLBgAASkzcDV+nyYqXZ8XLH8bLH8bL4W54AABQwjcf0F7XtnptdoIiO0GRnRCTDfMBAQCAFt4Jyfa0NWgfXY8lAgQEAABKTM4JnaOMI2J0cOAjmBMaAABUmJ6UXhlHBExKDwAASkBAAABYDRAQAABWAwQEAIDVAAEBAGA1QEAAAFgNEBAAAFYDBAQAgNUAAQEAYDVAQAAAWA0QEAAAVsMMAcWDgAAAsAggIAAArIZ5AooHAQEAgB6zBRQPAgIAADEgIAAArMZSBBQPAgIAACUgIAAArAYICAAAqwECAgDAaoCAAACwGiAgAACsBggIAACrAQICAMBqgIAAALAaICAAAKwGCAgAAKsBAgIAwGqAgAAAsBogIAAArAYICAAAqwECAgDAapgW0PU4IsYGBz5a7wQCAgAADTwCct/n2l6vzUmMJWIUBAQAAEJ4BHR4r2tbvTY7IYaI0QEQEAAA6OARkNue3S11msy4aEPIRwb0m5xAQAAAIIJHQIdcXZq16nsKyT2F5J5Cek8hHdHrNzmtAwEBAIAGHgF9tWvnm9qaNFkkEcP6/g/XOYKAAABAA4+ADrjsaFRX3xFHEDHUr9tICMj7u2P794OAAABYPjwC2r9j++uaqpuiUCKG+nUbHB12u588d+4bDxeX73ygBwQAwArgEdCXO7a9qq5MighOighOighJiggZ1Ok2ODp8ceDkudNHD7p4+MAQDACAlcAnoO3bGqorb4QHEzGo6wMBAQCADHMFFBFM9IAOnIQhGAAAKOC/BvSquipZFIrFTVHYUL9uo6MDXIQGAAANvN+CbX+trrotDr8tDr+NfwvWvxG+hgcAABUmfweUKhXhAb8DAgAALTwC+nq3S5NGnREdlSGPuiuX3FVI4JfQAACghO9eMNddzdra+zHSBzGyB7GyB3HRcC8YAAAo4b8bvqVO8zBO/jBenhWvyIpXjA7o4W54AACQwTcf0F7X1jpNVrw8K16enRCTnRgD8wEBAIAS3gnJ9rTWaTD1PEqMfQQTkgEAgBb+KVlb67S4fa7HProeNzo48BHMCQ0AACpMCUiTnaB4lBDzKDE253osTEoPAABKTAhIq8mKk2cnKB4lxuRcjx0FAQEAgBB+AbVoax/GRWfF4w4CAQEAgBKTAsqMlT2Mi86KV2QngIAAAEAKv4CateoHMdKHsdHYQGx0AAQEAAA6TAhIo76vkGTGYJ0g+eiAHgQEAAAy+AXUVFtzTx71QCHFBmIgIAAAUGJSQHejxfcVkgcx0sxYGQgIAACUmBCQuiZDFnkvOgpz0AgICAAAhPAL6I26Ol0qIhwEAgIAACUmBZQmicAdJI8a0feDgAAAQAa/gBrV1WlREekSUYY08q5MDAICAAAlJgRUU5UaFZ4aFZEmiciQRYKAAABAiUkBpYjDUsXhqVHh6VLRMAgIAACEmBZQZBjmoDRJBAgIAACUmCGgUNxBUeHD/ToQEAAAyFiCgMQgIAAAkGJSQHdEoXcMDgIBAQCAkiUIKNI8AUFAQECYH+YICHOQaQFZz6QAANgxfALCIjLUtIAAAACQwBTQEAgIAIDVgS4gEQgIAIDVAgQEAIDVAAEBAGA1QEAAAFgNEBAAAFYDE9BtUSgRQ/06E8+GB4BVQ5lff0iU+/nlzLURh0S5yvx6/k2OjIy8cOHCmbXChQsXIiMjuTYWF1BECBFDOt1H651AQID1SXxa97mk8M8V4395vbA24s8V459LChOf1nFtsjAoSCwW63S6hbWCTqcTi8XCoCDW7XXf5/q6uvJmeDARQ7o+EBBgExyMUP25cvz7trn20cm1Ed+3zf25cvxghIprk8+fP6/X6+fm5sbXCnNzc3q9/vz586zbe3iv66uqiuQwYZIhBkFAgI3w+eXMv7xaaB+dHJtYI9E+OvmXVwufX87k2uQzZ84sLCxYWxqIWVhYOHPmDOv2uu3Z3VBVfiMkQGmIQV3fJqd1ICDA+mACahuZGB1fI9E2MmFSQPPz82Nri/n5eS4BHXLd1VBZfj3I/3qQX2KQX2KQ32BfLwgIsAkwAbUOT4yMja+NaB02S0CruZNXAR4Bfb3bpa6iLD7wmiGuDvT1fui07sSJE2fPnvXz8xOLxSAgwDp8fjnz31/NtwyND4+ukWgZGv/3V/MmBTRiU9QEbtkSWLOCAngE9NUuF215WWzA1diAq7H+V2P9rwz09n64znHr1q3btm3bt2+fm5sbCAiwDpiAmgdGB4cRR2XgpwIDWwLVg8Ojg9XCLZ8KK7EMaScFAoFHGvp6mwdGTQpobm5uaNmkniC2S3AidfnlkKkK2LIloGoFBczNzXELaKe2vDTG/woRmICOHz9+5syZK1euREREgIAA6/D55cx/ezXXNDAyMIwyygM+FXwaWI6/TPMQCLYEVA9UBm7BEisDtwg+9atEXCkWTQMj//ZqzqSABpdFhf8WgcAjxfAyxcO4vCIq/Lds8a9YQQEmBRTLENCxY7iAwsNBQICV+Pxy5r81zL3RD+uHEEbaccGnfpWklMrALVsCy4h/ae8ijTf64X9rMC2ggeVQ7r9li385SyrR1fMvx3P5e+BJHilYrhRDgsAjhbyOcRVGwUuAR0AHXXZqy0tj/C7H+F1W+F1W+F3W9/ZsXOd47Nixn376ydfXNywsDAQEWIfPL2f+X81MRWvXm3Z08fyK88dX8iiJNw4LjsY9v+L88f9xFvwf7+dIq6NGRWvX/9XM8Atoenq6dRnk+3wscE/gyZDgLnBPaM33+VhgyJfgLvjYJ5++JpbPUObHPvnYv8tpE8709DS/gDD1yP0uyw0COnLkiKen56VLPiEhISAgwDp8fjnz89rp8uaO163oIt9388e+Kkqi0k1wJCbfd7Pg44uXjgjo76KM8uaOz2unTQqoeRk89XZ29n7Kmk5cFXL2fkrOhi3TViTnFwgEgsPxXCWbDY+ADrjs0JSVyK/6EqHv7dno6OjufuT06dPe3peCgoJBQIB1wARU2vT2VQvCUH4t+PjiM1LKM9/NH/s+xv5tefv40seCw0qkNRqjtOmtOQJqWg7xbgJn7zxqWp63M5GY5+3s7J2H/dvEkUIk0gphFLwk+AS0c3ttaYnsso/sso/s8iXZ5Uv6np6Njg6HD7v/8MMPXl7eQmEQCAiwDp9fzvxT7VTxm/b6pjaE8cj7Y4GzzyP8ZeLXAsFm7/z6PJ/NeGL+BWfBZu98tJViUfym/U+1U/wCmpqaalwWKi9ngcAt1vAy1s0tVuXl7OylIt519lKRUhrxZZWXM2m1xlg3cinGbMtnamqKS0Bf7timLimO8vUS+3qJfbzEPl79Pd0bHB0OHDjwzTff/vzzWR8fXxAQYB0+v5z5J/XUy9etmjctaCPb62NijPFVXIvmTYsm12ezs082niHhK4Fgs1c+8npfvm79k9q0gF4tlycXSeOnQzGvXr2KOWQYfh065Ox88cmTi87OF58QubFl0mqHYqil0FZZFjwC2rf9i5riokjv3yK9fxN5/yby/q2/u3u9wwdffrn/P/7jrz/9dMbL6xIICLAOn1/O/Kxm8kVDs/r1GokXDc2f1UzyC2hycrJ+bTE5OckloD1f/KWqqDDst/NE6Lq71n/wwb59X544cdLT88fffvMCAQHWARNQQV1TdcObtREFdU3mCEi7tuARkOtf/r3qZWHIr+dCfj0X8usvIb/+ouvucvrgD3v27D1+/MT335/+9dcLICDAOnx+OXNrzUS+9k1VfePaiHztm601E/wCmpiY0KwtJiYmeARUWVgYdP4XQ5zt6+py+uAPu3e7Hjly7L/+629nz54DAQHW4WCE6l9eDrjXDD2tfb02wr1m6F9eDvDPB9TZ2Tk4OKheKwwODnZ2dnLNB7T7L/9eUVgoPP+LIXAB7dzp4ubm/s23//njj2dAQIB1SHxat1X84p+LBv6lenxtxD8XDWwVv+CZETEoKEgkEnV3d0+sFbq7u0UiURDHjIiGHtA5IjAB7d27z8PjxOnTnhcu/AYCAqxGXJ52f9iT1Zy22aKxP+xJXJ6Wf5MDAwPPnz9vgdmZrcP58+cDAwO5Ntb1i79UvXwZcuFXInTd3U4ffPD555+7uLgcPHjw2LFjICAAACzC3m3bqouLwr0uEqHr7l7v4ODu7n769Glvb++gIPghIgAAlmHfju01JSWRvj5E9Pf0rHd02HvQ3ePb06fPel/wBQEBAGAZ9u/cWVtWJr16lQh9b+8GR8eDbse+/dtPZ3/z9fWHu+EBALAMB3a5aMvLFQH+ROj7ejeuW3f4qMcPP5718rkmDI0EAQEAYBG+2r27rrIiLkgYFySMFQbGCgMH+vo+dFp35NgJzzO/+FzxCwmHOaEBALAMX7u61ldVJoYEJ4QEJwQHJQQHDfT1fejkdMzj5E8//+J71T8sIgoEBACARTi0x7WhqkoZFqIMC7keGnI9NHhQ17fJyemYx8kzP5+7ci0gXASP5QEAwDIc2uPaUF11IzwUC2VY6KBOt2m903GP/8AFFCkR7Nuxff/OnQdcXL7avesr191fu+7+2tX10B5juLHEHkOwvossDq0wXA1B35w9EBAQlo7Qa9fURS+TwsOIwATkceKvP//y61W/wIhIqUBdUlJbVqYtL6+rrGyoqmqornpdU9OoVjfWqt/U1jZpaps0miaNplmradZqzY06api/InNdc8oxs646bQsedS11da31yKLF/DC2wRh4s1naryFHE7Gg0TRpapnxRlP7plZtMhrVPFGDLGqqmfGaO6irG1uLbRp1V7AeU/PD9GEyfZSJY0c7UrSDUqtGFmxHfKVBfCq4jn5NjckDR4tX1VVEqItf5qanJkeEETGs79+03unkX789e+7CNX+hSCwTiHwuSa5clvldiwkMjA8OSgwNuREelhwZcUsceTtKnCKNSpVJ06Jl6fLoDEV0Roz8boz8XoyCFPK7eCiYQWS7G6O4a8zJFVi2mLuxWCjuxuLlZMQoMmLk6Qp5mjyaFPJ0BR5EjRkKeYZCni6PJiJNHp2hkN+NjbkXG/sgLvZBfGxmfFxmfNzDBGSRaX7Ex2XGxz7AIg6LmAdxMffJEau4H6u4h0WM3LiHFdFYZMijM+QycqRHy9KjpWnR0jSZhBmpUiyisEiRRKVIxOwRJb4TFWlO3BaLTERkBDNucQe2FlZ4SpQ4RSJOlUZh7U+PlmbIZXcV0Xdj5NgOwXbR/VjF/biYB+xh2MmkyDSGWQeL70BjxzEu9gFxvGLk97ADJJdlREuxSJdJkIWhTO6QUULOFqT86YbmpckkqZKoFInh0LMdSvrxEkXcFIVzRkQ4WTpEZCfdUMhkm50//uY//+v8BS//wOBISbQgzNtL5OMTdeWy9No1eYB/rFCYEBJ8PSxUGR6eJBIliyNvRYnvSCUpUklqtCwtOho3kSI6QyHPUERn4Oe5LF0ena4g2yE6XU68G50uj06LlnFHNNUslEiNjk6NlqXKZCky6R2p5LZEclsiuSOV3JFK70ilKTJpikyWGi1Li5YZssnuyKR3ZDIiUqOj0xWKuzEx90kOso6A8I8v6cRgOiiW5CCygMgOUlAclC6XpUdLcQcxNEQTUKqUW0ASdAJicxCPgOgOkoixpqbJJGkyaXq0NEOObzvdQbExHBriEVDsSgVEHESqg3ABGU71dIQOipaa4SAzNERzULQ0XSZJlUalko4+13EkHyw+AYnYBdSoVv/DH/+4fYfLd997XvT2FQaHR8kUgpDffgv18gq/5CPyvRx19arMz08eEBAbFBQfHJwQGno9LEwZEZ4kEt0Ui29Fie9IJCkyaapMSjrhpSkyaYpUkiKV3MGXKXFHKrkjkdyWRN2OirrFFRLJLYnktpQShGtuSaJuRUXdFIuTIyOTRCKlSKQUiW6IRDdEkUmRkUmR4mSx+GZU1C2J5KZEcjMqKlksThKLk8TiZHFUsjgqOSrqllSaIpOlKxR3Y2Pvx8U+iEMsoOVoKD6O6aAHLAJiOMigIUYnCP88pckYAjI6yKx+kJkOYvlTuex+kCic30FYJwjvBymiqQJSYOJm7wpxCSg+zpx+kHkOisEcdC9Gfk9hSQctox/E1FA0Sz8ojXAQ1gXmOI60Q8YrILqDSlRPYuXyj9avP/i125mfz/le8QsJi5TJ4wSBv/4qvHAh+OLFYC/vsEs+Eb6XxVeuSv38owMCFIGBMUFBccEhCaGh18PDb4hESZGRyWLxraio25KoO1LJbQl22kfdjBIni8U3xeJkcWRyJCWSRKIbkZFKkUgZIbrOFkoscKfQA9PN9QhRYnhEQlh4fGhYXEhoXEhoXEhYXGhYfGhYfFh4Qlh4QnhEYkTE9fCIxPCIxLDwhLDwxLDwxPCI6xGi6xGRN8RRt6TSVLk8IzbmHuag+FgbFVAsZSBG9INI9pEbekAMB8llrALi6gdxdYWsICCOThAWqVIJzUHUTlCMmQJCMhBjH1AbDhllIEY4CKGATDvIlID4BmJiYz+I+1AutR+UnZzUqFbHyuX/47//9z17v/T88ecLFy/5BQZHiKUxcdcFvV1dvV1dvV3dfd1Y9Oh6enQ9Pf09Pf29vf29vfreXn1fn76vb0CnG9DpBnW6wf7+wf7+of7+QSKwdJ1uUKcbYI0+84J7dawN+r4+fW+fvrfP+NIYOloKUeCgrn+ov39Irx/W60cGBrAYtUCMoA89e+j1I3r9MF/0D+v7SQsc0c8ZQ8hCt8Qwros3xthg/bAe33bGPrHEzmf/nJg+WHrmAeI9CksL/uO+7DB+HhAdR92QTjek0ymk0n/44x8/Wr9+z94vvz/944WLly5f9Q8JE0miYxKuJwsc//AHUnzg+IcP1v3hg3UfkMPB6QMHJwcHJweH9Q4O6x0c1zs6biDFekfH9fhbeDYnBwenD4xBLW258YcP1v3hA8c/fEBtMN5mZhgb7+Cw3sFxg6PjxnXrPnRywmLTeggIiFWKL7bt2H/w69M/nrlw8dK1gKCAoFCRWKaITbxxM0Ww58ixw0cOfrLpf23Zd9TN/ajb4Z3/+Pcf/t0/7XRzP+r2xad/9/ef/hlbwFLcj/75nz78xy+OYstu1Lfc3I+6ue/8x7//n1v20pZ3/uPff/h3m/7V1f2o295/dTCViJdPTXTYeoC7/KNuX3zqsPUAeXXXrf/z74w5ISAgVjUOux91P3Ls6PETHif/+p+n/vaD55lfzv92yfeqf2BwuChKJo9LUN68nXpX8IPnT9+f/vHoF1v+338+/LfvPf/2vdvmDz75Vw9P6rLb5g/+vAdL+UfXo99j73r+7XvPv3m4bvjgHzZ88VdDCtfqRKLnnn/+h837ORI9XDfgFXHlJC17uG744B/+HyL+2e1vHq4bjM2jlA8BAbGq8cOP35/+8fSPZ376+Zdzv/520dv3yrWAwKDQcFGUNDo2LjEp+XZaxv0swX9z+ic81u06fPHShYvffLruTzt/uHSBuvzd3j/9ce8Z7N8LFy/R4ru9f/pv6/73p8e5Vicnntn5T8ychsQf3P64zuWwodjD/x9PmfTMeMo/uX13kZETAgJideM3L5+L3r5ely77XL525VqAvzAkJEwkEstk8ri4xKTkW6lpdx9m5eT+/7QyU2hw32XZAAAAAElFTkSuQmCC" /></P></BODY></HTML> Fri, 22 Feb 2013 20:58:59 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114051#M142288 shekharmore003 2013-02-22T20:58:59Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114052#M142289 <HTML><HEAD></HEAD><BODY><P>How do you get to that 802.1x setting for the VPN?</P></BODY></HTML> Sat, 23 Feb 2013 02:32:03 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114052#M142289 dirkmelvin 2013-02-23T02:32:03Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114053#M142290 <HTML><HEAD></HEAD><BODY><P>Not 802.1x settings. You just have to configure ISE as a radius server on VPN for VPN access . And have the poilicies for VPN users in ISE. It will be just normal Radius server and client communication.</P></BODY></HTML> Mon, 25 Feb 2013 15:03:01 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114053#M142290 shekharmore003 2013-02-25T15:03:01Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114054#M142291 <HTML><HEAD></HEAD><BODY><P>But I am trying to get 2 factor authentication going here.</P><P>First being the username/password, 2nd being the machine login to the domain</P><P></P><P>How would I set that up?</P></BODY></HTML> Tue, 26 Feb 2013 15:26:01 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114054#M142291 dirkmelvin 2013-02-26T15:26:01Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114055#M142292 <HTML><HEAD></HEAD><BODY><P>Hello Dirk,</P><P></P><P>You are talking about MAR (<EM>Machine Access Restrictions). </EM>I think Cisco has introduced 802.1x for ASA in 9.0 IOS.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/aaa_trustsec.html">http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/aaa_trustsec.html</A></P><P></P><P></P><P>If you just want a simple Radius authentication for VPN users, let me know.</P></BODY></HTML> Tue, 26 Feb 2013 15:44:32 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114055#M142292 shekharmore003 2013-02-26T15:44:32Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114056#M142293 <HTML><HEAD></HEAD><BODY><P>I could be wrong but I don't think EAP type VPNs are supported even in 9.x code</P></BODY></HTML> Tue, 26 Feb 2013 16:40:47 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114056#M142293 nspasov 2013-02-26T16:40:47Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114057#M142294 <HTML><HEAD></HEAD><BODY><P>Hello Neno,</P><P></P><P>I am also not sure but in following doc say that "eap-proxy" command enables EAP which permits the security appliance&nbsp; to proxy the PPP authentication process to an external RADIUS&nbsp; authentication server. </P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/l2tp_ips.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/l2tp_ips.html</A></P><P></P><P>The ASA only supports the PPP authentications PAP&nbsp; and Microsoft CHAP, Versions 1 and 2, on the local database. EAP and&nbsp; CHAP are performed by proxy authentication servers. Therefore, if a&nbsp; remote user belongs to a tunnel group configured with the </P><P> <STRONG>authentication eap-proxy</STRONG></P><P> or </P><P> <STRONG>authentication chap</STRONG></P><P> commands, and the ASA is configured to use the local database, that user will not be able to connect. </P></BODY></HTML> Tue, 26 Feb 2013 20:16:44 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114057#M142294 shekharmore003 2013-02-26T20:16:44Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114058#M142295 <HTML><HEAD></HEAD><BODY><P>That is very interesting. Thank you for sharing (+5 from me). I am by no mean a VPN expert so it will be interesting to lab this out and see how it works out. Have you had the chance to play with it?</P></BODY></HTML> Fri, 01 Mar 2013 16:41:09 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114058#M142295 nspasov 2013-03-01T16:41:09Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114059#M142298 <HTML><HEAD></HEAD><BODY><P>No, Actually I havent tried this yet. Just share a result if you try this in lab. If I get a chance to test this, I will share a result with you. Thanks</P></BODY></HTML> Fri, 01 Mar 2013 17:04:08 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114059#M142298 shekharmore003 2013-03-01T17:04:08Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114060#M142299 <HTML><HEAD></HEAD><BODY><P>From all that I have learned so far, the only way the ASA can talk to the ISE IPN is via RADIUS.and that takes a lot of options out of play for VPN users/machine authentications.</P><P></P><P>Ideally we would like to verify that both the user and the machine are members of the domain before we allow full access to our network. Better still would be certificate verification for any machines that are members of our domain.</P><P></P><P>At this time we have settled for a simple NAC agent read of a specific registry key that says the machine is a member of our domain. Primitive, yes, but does what we need for now. </P><P></P><P>Now my challenge is contractor systems...we have about 30 of them....and I am afraid that to read a registry key for the exact machine name they give us upon signing our access agreement means that I have to create 30 different policies to make it read the registry key over and over as it goes through each policy.</P><P></P><P>Is there some way to make a list in a policy, so that instead of 30 different policies, I have one policy that reads through a list of possible texts that would be acceptable?</P><P></P><P>Dirk</P></BODY></HTML> Tue, 19 Mar 2013 16:44:46 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114060#M142299 dirkmelvin 2013-03-19T16:44:46Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114061#M142300 <HTML><HEAD></HEAD><BODY><P><STRONG>Kindly review the below link:</STRONG></P><P></P><P><A href="https://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf">https://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf </A></P></BODY></HTML> Wed, 22 May 2013 10:38:04 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/2114061#M142300 manjeets 2013-05-22T10:38:04Z https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/5133550#M590183 <P>did you ever get this to work? thanks</P><P>&nbsp;</P> Wed, 19 Jun 2024 07:30:42 GMT https://community.cisco.com/t5/network-access-control/ise-auth-computer-based-on-ad-group/m-p/5133550#M590183 siryonz 2024-06-19T07:30:42Z