https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715341#M55521 <P><SPAN style="color: rgb(37, 37, 37); font-family: sans-serif; font-size: 14px; line-height: 22.3999996185303px;">EAP is an authentication framework, not a specific authentication mechanism.&nbsp;</SPAN><SPAN style="font-size: 14px;">ISE is fully IETF compliant RADIUS server.&nbsp;</SPAN><SPAN style="color: rgb(37, 37, 37); font-family: sans-serif; font-size: 14px; line-height: 22.3999996185303px;">MSCHAP is not a IETF supported inner method for EAP, however MD5 is</SPAN><SPAN style="font-size:14px;">&nbsp;analogous to the PPP CHAP protocol, so EAP-MD5 could be used. &nbsp;The&nbsp;EAP method's defined IETF RFC's are EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA and EAP-AKA'. The commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. PEAP (Protected EAP) has two IETF defined inner methods (PEAPv1) EAP-GTC, MSCHAPv2 (PEAPv0). There are also many vendor specific EAP types outside of these.</SPAN></P><P>&nbsp;</P> Fri, 09 Oct 2015 15:02:52 GMT waynesymes 2015-10-09T15:02:52Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715335#M55503 <P>Hello everyone</P><P>&nbsp;</P><P>Trying to configure Anyconnect Remote-Access VPN with ASR1000, ISE and Active Directory and facing the following problem:</P><P>the authentication is failing with the following messages on ISE:</P><TABLE border="0" cellpadding="3" class="content_table_steps"><TBODY><TR><TD>11001</TD><TD>Received RADIUS Access-Request</TD></TR><TR><TD>&nbsp;</TD><TD>11017</TD><TD>RADIUS created a new session</TD></TR><TR><TD>&nbsp;</TD><TD>15049</TD><TD>Evaluating Policy Group</TD></TR><TR><TD>&nbsp;</TD><TD>15008</TD><TD>Evaluating Service Selection Policy</TD></TR><TR><TD>&nbsp;</TD><TD>15048</TD><TD>Queried PIP - Network Access.Device IP Address</TD></TR><TR><TD>&nbsp;</TD><TD>15006</TD><TD>Matched Default Rule</TD></TR><TR><TD>&nbsp;</TD><TD>11507</TD><TD>Extracted EAP-Response/Identity</TD></TR><TR><TD>&nbsp;</TD><TD>12300</TD><TD>Prepared EAP-Request proposing PEAP with challenge</TD></TR><TR><TD>&nbsp;</TD><TD>11006</TD><TD>Returned RADIUS Access-Challenge</TD></TR><TR><TD>&nbsp;</TD><TD>11001</TD><TD>Received RADIUS Access-Request</TD></TR><TR><TD>&nbsp;</TD><TD>11018</TD><TD>RADIUS is re-using an existing session</TD></TR><TR><TD>&nbsp;</TD><TD>11801</TD><TD>Extracted EAP-Response/NAK requesting to use EAP-MSCHAP instead</TD></TR><TR><TD>&nbsp;</TD><TD>11803</TD><TD>Failed to negotiate EAP because <STRONG>EAP-MSCHAP not allowed in the Allowed Protocols</STRONG></TD></TR><TR><TD>&nbsp;</TD><TD>11504</TD><TD>Prepared EAP-Failure</TD></TR><TR class="content_table_steps_highlight"><TD>&nbsp;</TD><TD>11003</TD><TD>Returned RADIUS Access-Reject</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>while EAP-MSCHAP is clearly allowed int the Authentication Policy</P><P>The authentication policy matching sequence is</P><TABLE border="0" class="content_table"><TBODY><TR><TD width="33%">Authentication Policy</TD><TD style="WORD-WRAP: break-word" width="67%">RAVPN1 &gt;&gt; Default</TD></TR></TBODY></TABLE><P><IMG alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAt0AAACzCAIAAADaNDemAAAgAElEQVR4nO19XW8cyXnu/AjulYMASZBg74e3QdZeKDC4QBBExzfy1WB8YSx2Y0DiOTCSWHu4Fg6IsSh6uRvQSrgwko2x4EEUamgwGwc+2dXHwjQjWV87Q4kSyRlRokSKXyKXomYoas5FdVfXx1vV1T09My3O8+CBMNNTH2+9VV319FvVVKYBAAAAAACQDmRcEr0EAAAAAABoGjF1ycHBwcHBwYsXL/b39+v1er1er8l4DgAAAAAAYIUiHpii2N/ff/HiBVMa4brk5cuXXJEw/bG3t/fs2bOvv/7666+/3tnZ2dnZ2d7efgoAAAAAAGDF9vY2Uw5MRTx79mxvb4/pFa5OlCBKRhclLEZSq9WYItnd3eVaZGtra3Nzc2NjY319fW1t7YmPVQAAAAAAuh5cGKytra2vr29sbGxubm5tbXGNsru7y9UJj52I0iRDihIxTLKzs8MVCZcjKysrjx8/fvTo0fLy8vLy8sOHDx/4WAIAAAAAoGvABcDDhw+ZKnj06NHjx49XVla4QOHqhMVOmDrhgRMxaiLpEnH7houS7e1tUZSsrq6urKwwRfLw4UNm0/3796vVaqVSWVxcXFhYmJ+fn5+fv3fv3r179+4CAHD37j0AAIDDBbbWLywsLC4uViqVarV6//59pgqYQHn06NHKysrq6qooTVjUhO3piBs6qi7RgyXi9g3buxEjJVyUVKvVarXK5Qibgufm5u7cuXP79u3Z2dlyuVwS8BUAdCVKAAAArzjKPmZnZ2/fvn3nzp25uTm27nOBwlQBC6IsLy+LURO2pyNu6Ii7OTxkouoSfqxE3MFhB0p0UXL//v1KpVKpVLgoYYqEy5Fbt27dvHnzxo0b169fv3bt2rVr137n4yoAAAAAACkGX7LZCn79+vUbN27cvHnz1q1bTKbMzs5ydcKkCVMFLHDCoiZcmrDjJuJuDjtoomzlZMRNHH7clQVL9l+8IEm+WgwAAAAAAOAIHjJh7w/zrRxPl7B3g5VNHOgSAAAAAABaAWUrh70z3IAuAQAAAACg/YigS/jhEugSAAAAAABaAfGtHOgSAAAAAAA6CegSAAAAAADSAugSAAAAAADSAugSAAAAAADSghbokqVz/d+RMDJtt8HL0D8y0h+a1lbGyLT4IVpeCf3nllpSUaPRaEyPODrGufzpkdhei4QkuqkR22/tKLzFnmxpy6PCN0Yfz60zM/LM0GrYm9r2/mqt55uZHi1ZzNNCks1xK4tO1UzexExLEm24VdWa2o0W6RKxLdMj9gkokbYneeNNj1iUSVPWSq5YOtdvU0Bp0yWpWlVNgC5xhWZMG6yLOjO0HNAlTVtlKbn9uqSZvNAltprajVi6ZP8FSWNbls71BwswDxiwNPxr/7lpwd39586N6A9V08Q15frSuf7vjIxEyKsbLH7XctFjQmjFkrC8SQ23CyCTW0amxW/UIJkeCRrMM9MGaKYa26j6n+omMW//yAirSWyj6Kv+kZH+oIOcepmXKTpQLye8U6hR4OZJv3AtD10OOcbE5ui1ujjflCVSDxqM8Tym3kFGH5pKtjpW8KRhZhB71uRzy8Ags7g7gXSv6CLRNqKXp0e+M3LOq5961HAaLRFu+YjDJsHp0WQzh5DdVFdSPaW7iDRVyuuwgti9If0azHjJNdN8U+umxuhN8lfTCLe7Ts2VJNqiS4QFmH8KUtGRZC0DmZcjkbzBV60APT/RAD/Z9AjPpa2rxonL6BZZZtDzqJLZaoBkqrGNLg2X8wp3KSUXtDaE9ZTQMMl/hC+stsnXInpStCysR8gxJjfH8cYg3JJAD5LG0Hcf1b+2kkMcq9uuOkDsWdrn1oFBZnF3gqlHAhdJyx3VfL8mIgbkPFqi3PLRhk1C06PT7C1ltMykTfYU5SLjaFFvZsdmOt2ACTfTvFDqJsToTfPgoUe4xXVyrmTRHl3CH4vEfvYHlnVmpFcIYVCqlcbMS2p+MaU4gZqt5Ym9BcP+8CSaZHYLdXMo5YlWisLEIksMue3aQjeM5/W7OEwuOPSUViZpf0iZZI/H8CT5O1mOqUaxOca5NcT5pAciF0IZ49q/oSXbHGs2nho2dOusA4PM4u4EoroG4SI1AW+1KEZ025xHi6s/mxg2zUytjrM3kdHUv032lOaikLzuzSTWaKMhCTfTvFDqNcbozdDB4+462yNIs4ijS+r7L0iqbZF8EdzAAhxWesndWl6ORPIqkK5rE6j4gdDU/ULYxIClc/0ubmmIyokoUaxGGDKUAbqp9jY2rL0jlZaQLiHLJK0N1yVUj0f2pFKWpUfCOlGfJNydL2ZpvgdFY+z9626e1bGUqdwKWpeoPrcPDFMWRycYLFRdZPKJvHoRijbGaLH4M96wSWB6dJu9STs1xzbbU6SLQvJGX0HIKchyA8ZrJjGw27PYhQ8em+teeV0iBYa0lkTQJWYvJJJXRex4SWPpXP/IiCZLNCuEXje7RcmgTVNC5iAPbQC9MFjls629KY+XWO8ZV08Kj8IhPULW2CXxEtIhGiwzg/QT6XN7vITK4u4E2pmai0w+kdpMaybNOc3c8q2Il7hMj26zN9kcedVMoqcoF4XkjdHM2PGS2M3kI6o1i138eInbcE0IbdAlYpBTvjGVwRTibiovRyJ5NThZK+aXfiWDt2JNlFF6RUoIjVpNdUMMBhCm2qom22vyqjZHL53rd30eCimTMD+0IqJdMTxJutRQDjnG5OYQmsLJ+Yn0IGmMe/9aSg5zrG674m+r4qTuEcvA4FncnWDqEcVFJp+IBenNdx8tUW75aMMmoenRbT4kMobcUDF6inRRWN74zSTTsY8JN9O8IugmxOjN0MHj7rpXUJdIkG2fVt8mcNYlRN4ArFbDKLHntfmX57KOPKLwpXP9ZJnTQkBMtIQswatXyEOUOR28RSIWGGqAeFsb2ki2l2z4yDn+mMj7v//cOdvGamhPCWU2iGRhFVE9HsOTwXAWTqcbyiHHmF+A+/s4Nl1C1uJeiGaMLK+d3scxTIWqQ+iFSoLcl0TP0m8E6AODzOLuBLIkshzSJ43pke94byYY9gcdR4vrLR992CQ1PZpnb8F4IqOymifRU2FDjszrsIKQ7qVrtqmNKM0kB3ZrFjuydeqAcXNd+EwVHy3QJUDDrAoOqwGt0M6t1OPAK4zUDQxLjAgAnJG6gd0xQJckj6VzhreBD5sB4vNvUtW1okzgECDNAwO6BIiNNA/sjgG6BAAAAACAtAC6BAAAAACAtAC6BAAAAACAtAC6pDuwutj78eJcp60Akgd6NhHAjQCQGrRAl8wN9WYk9A5Fud8jZZ8b6s3kp8QPTVQU1dKwwiPa02whO0MfX8yY5lbHadeSjP5pZ+jjK0Or7hYKiduzEqwu9g5ezDC6VhepUQlBtHPwYr4cJWNCbpy7dMUz4PxKwkZ2xKUNxeCS7VZiboznTNktNgfGgdl17q0DgFcKLdIlTSzJavapvEUuNFNXItKhpYVHKmR1sffjK72D5imsJSKgCV3SDqzkheVz6rzj3N0pXeKbVy5FWGaS6tnVRX/wSE5LxshO6hLPyLlLV2zCtBk3im5JHnZd4tY6AHil0E5dMpX3whL+r3NDvb35fK9whcgufqdKIOIlPFnv0FxjKu//MDfUKyocg51cB/m/T+Uz+SEvtiLmtzSHQynfz9KbzwemaOXQ5ZuS+a25dKX30s7U+Yu9l3aCq3q0YHWxd7A05D8Z58uNqfMswZWhVempcUi83ggmbj/9xd5LK0MfC8+IUsagiswgM2mHTDwnGSnVpRqgdNN5h+d1YsHYGfpYyFguZUIb5edSLbS4sUlT/c9zqg+DJhBubKzk2ZO6uMSKTra7NDDAaSFsNFbyQTmaf0Jdaut0bkaiA0D9TA3vwHWik0t5aswY3CI4xI+aTJ0P+oXoApsrrvQSo9HWOsOYWckHkRVbrwFAGtA+XRLEPaSVX0uqZJ8b6tXy6dpByCXkZ8mm8jyXFHix6af8VKBnpvJckEzlM3LZxuZQhUtZLI2iLLQlazSCtUR67BPWYFkEeBNWuRRE49lsy2dn5TovIZiUV4Y8taHOsOpqETyIk/s4gpFiXboBGtjKZ12cVvKDslBjBQoLRr4sVkE1qtEI1J5sodGNMUxVnn2VjYDAh/4iJ/7ku9Gzx6RLfANMz9ZT5y9mBkv585rHTEb6hRD+CXFpWKeTZdIGu3pVFl6G4S2Kb9HJ+pgx1RLADzvxX+kuCHWFm0zUbZDuO96ngZp08TAAdAStP18SLKxiPKN3aM6gDLRjH0KwxFyC7aCJp0cUWUKcL/F/Z7/43wQxEoRcwppDmhFcsZYjWci1kTlZQ1yKhFlMmbbE+VfNJc/L5gfuOXUKczkywtNQiaUs/qRpMpJCyOIkRIz8NCt5zy3+B3ujgvQOFlqttZkacnSDmyQaw2ss5T8WxISl+5RWUOYFkTN9rRWNDJZtyj8RxgnlUrJMA8K86pUTSA1L7d5PmpP1MWNyi9h95ZIUa3FqNfl0Ea5LVCElZqSjXBE8DABtRrviJdJFf1UOT+lcgvhBXbXZJVWW2E5vCEEaRQd4AiG0OXrhkmGkBzTTabFFtVAI3mYGqcegpHSJEN/Olxt2XSJYZdYl0gLmPztG0SUMU+fDjrWWSxn5SVEIS4Q1Slp14usSm6nqs69ngOpD+rFYFgqxdAn3xtylK5nBK0NlqiHiZoFYhe4fu0tdOp0oM55XtU0QS+1BvFAVH9qYIdxCW0X2Cy3gKFc4nnu13HdSFYL0iehhAGgb4umSfZJekfR6HyleYtleMZRgfTFnbqg3n1dliUWXTOUz+TyvTdQl6YyXGMRB6PoUR5f4pnkrk1mXBOciw+Il7tEICg67OdxL4pNrKa9N93SjTI/IycdLeC2+qboPSV3iPeILrQuNkxnW3cAP+v6XlFHZGjCe+jSOE3unW8tU4OxVh9rNusQ0Zoy1NNjuzyKxlypmCXeF43EfoVJ9zBCSNIKHAaDNaJsusZ4OEWGVC9HOl0i/ansflsBM79CcJB2Es6fC7o6tOe08X6KuheLUIzx2J6FLpi6VvCnS33GXttuFjMGTpfD0TyU2b/bTrRP8GapIyiVpd0M58ReYam2UvGZ7L/VE1CXRT0JcGVolfSgdqJRq5AEh2eG6S8mH/rlLVzLSAnmReN3GENTR/RPm0rBOJ32uIZpXA4SeL9Gc7OeiY3J0LUJEZFAdM0qsLtQV7qqLGjOKZjX2GgCkBO3TJba3aUTYXo6N8z6Ony78IEsmk8lP6VpgKp/hr9mEvY8jRUTMr9jkh4bC38dRCjEm05cZ6UQb29k5X0rsfIny9xJ4QJg4LMJfZxCPvFjex9Ge8hu2ld4hRkK+hqBltzeq0VBfgQl1YwxTpbg6N5XyoWiM/PaNtwWzGkTy85d0Jxs3vPgbNJngzQ75SV1eCAUpo/kn1KX2TifLjOlVasU11R7YIDvZXqO6J3KRhUmk93G8MAzVolBXqKPR3jpqzPDu+PiKEpazDwkA6AhaoEtSCEqWOMP6B1TioaV/OgUIR/cFscO2w4AwND1m0tAFabABAMJw+HXJ3FBvc3/INSldIsZnkhY6QBTQpxcPN7AgNYcExkznukCJhAFAynH4dQkAAAAAAK8KoEsAAAAAAEgLoEsAAAAAAEgL2qFL6rUaCIIgCIJgKKFLQBAEQRBMC6FLQBAEQRBMC+Poktr+PknoEhAEQRAEmyF0CQiCIAiCaSF0CQiCIAiCaWEsXVLfJwld0o2sTB4/ObnQcTNAEATBQ8FO65LK5PH820cZveWtOn7y1HjFYnRoArqW4xNV4evY5aScKDYh//bwdHLdY1vyZSfEEgcLE6e42YFzYhvpfUjAMBAEQbBr2VldMjMsLOSXR5lWaJEuOXX8pK9FktclYslNrPERGN0JMhcmTh0NnDAzHFs9qMqjWcNAEATBbmZHdQmhD6rjJ4PYw9GTk5fVZ3o1wYK4LgqfL48KuVhF02OeYvDrJQIGlcnj+bFx//rwNC+Hr7XcAP+K0orpMWG91xIrhilN9pszPvr20fzYZdac4Aovx+yEIHgjmKdmr9VrM8N5Sj24ZqcCXZXJ4yfHhps1TPcPCIIg2EXsfLxEW34MD9yVyePBqmzYKeCfp8f8XaGZca5LatVxFjLR9RAvXAx4TI8F+zJ+gZdHhV+DFVcsLVjyicSKYWwZHp2RLfEr5brEv7IwcYre7Qr2UFSDpQKNNnPPu2UXUzrt4ziXrPkHBEEQ7Cqm6HyJv6Fj2gjg1yPpEl7L2OVarc5CJnScxtclVPTF/zwzLO59BFJGLI2vwVRixTApjaFSaaOEix7KCWRKF//oVduzK1tXobqkScNAEATBrmGndQnn9NhRcsWVdlucdYmw0zE8La6j1fGTY5eFZVUt3K5L5COuR2ldIuoVLbHRMHNz3HWJtKj78si0/OvxkkjZSbFi0iXuJSv+6fTtAYIgCLaZqdElQZhBXtiCFdQcL9Gf3X16Gx9imumx46NjPHyiFh4hXkIZIJVJJbYYZqpUuaJ6Q05JhnOIFlHnS9yz2y42aZjsn07fHiAIgmCb2VFdwg+i1sTjI7XLo8Gz8sLEKe/4hSGBcp0tZgsTY97SOD12dHRGXnHZE7l/7lUpPESXCEdG+AtE2vs4whtGamLVMGaMcr7ErEsCg3UnWI5xUC2i3sdxzx7ImkBACC6KbZjmn87fISAIgmA72flzr0fz6hsZwQ6IF6Jgn8eG+YO4lCDYixmeEPcpWLHUQVcppCEXHqZL1NdnRGOI3QctsWKYkoZJKMvmkXpoxvLaCxVDksMS4utIwSFWx+x+Q46PjqlBlGYMI/wDgiAIdhHTs48DGqjtcYAgCILgYSV0SeoJXQKCIAh2DaFLQBAEQRBMC6FLQBAEQRBMC6FLQBAEQRBMC6FLQBAEQRBMC6FLQBAEQRBMCw+zLrkw/9t3z36rb6DHwnfOfvM3lSsd7wYQBEEQBOuHW5e89f5rP/qvP33v8zcGvnjz/QtHfnzhzznfv3Bk4Is33/v8jZOf/9k7Z79Ze/684z0BgiAIguAh1yU/+Oz1UPYN9NSe73W8J0AQBEEQhC6BLgFBEATBtLBLdcmRf/ijvoGev/qXP4EuObQsFbLZQrnjZhxikh6G20EQbI5doUv++t/VAMkv7/zremOTJeiALikVspkAuaL4a6mQzWSEmb1cyGbkib6Yy2QLJbmQXFEoOVsoCRX5P9Vq9VoxJ31tU0vN9igsFbLZQim5qsMXSNXbne79pNpFsZgL6iQHT1T/tE2XyB5jJmuNMg8zddRpjSKHpVipsUX6DcUNIr0qmCsmCC6bxr+9WIMx4cWCYBp5+HXJd8f/uG+g59t//wdMlLz5we/9573iduPr363+9lvDf9g5XeLPIMVcRplDs9msOI8Q2iJbKEnXA+1SKmQz2WxWlCneZ3+Oar8uoe2h2HZdonu7TT4x6Mi2VU0Onqj+aasuIYZNuZAVxnMxxz1p1yXht5hXGpeMxRxRO3VDeQXVa7V6MReIJ6HqnN/Xyj3LjJFb5FwsaUx4sSCYUsbRJc/r+yTTqUv6BnrmN2//x93zfQM9bw1/49cLv3zWeH7zydW3Bl7r2PkSaR70dUatVq/VyoVstlDyIiJeAmFWqtXqxZwwnWnrPftQzNETdGfiJSZ7+AMpa778UJwtlIUpmK0S/LNQmvw4WCpks4VCzg8JeAtkMSc+YQukvC1b4pVguRL0HX86ZaURX/WOqynClPCJ2vVBu5ysogceOXgc/UMGEvSLYl/E8pjhfpG6SYo2cU9adQnRKL38EAFtuqGEr6El+AnKhawwOLVGRShWMsahWBBMKQ+/LvmLj37/1/OT9cb+L65+OHHz5/uNF7dWr4pHTzqrS+SnVT9gID90ilMMm1WVQrT1plTIUhN0p3QJZU+wMHClpcRLpAWYB114GvkhMljy/Ytedu+xkTKP9raogSxXVOODVhQLhZL61aJLBGFKF6sIMt9aJ6tMA89Jl5D+EdwuKyT1otgXsTxG3i/Wi0QoUUtJNcoQL3GIY8k3lJvaY+Q3vi4gbLKsCV3SvrAcCDbHeLqkTjKduoQpj4uVzw4aBweNg69Wr/YN9HT4fRzx4VJcWuSVmIozC9eVPRpWDr/IQhRp0SW6PaIlfGFW9nGEJSRXLBeyuaKQUVoshQVJXGyyuZxlOqa9TZ4YsFzxq1akgEkZ1PSlhS/qpE/4RaWNblaZqiYHj4t/lDWSDN0J8ZKyxbZoHpOQK1o3Xyy6JLRRVKXmSINZl5i6QDG1RgTMrOEiS7GyMaHFgmBa2RW6hImP/16+uLxdVURJZ+MlytZ+WZ5+ia0c9SGPDKdzBcOON6ZDlyj2qCsNqUs8cz1FwiIHpUKWLaLSMmb1D7nomrztEtI3Gi8uY8pXS4HiU75erOcEKSbEdnOcrDJUTQ4eF/+IbufeJi+axmoCHjNdDI+XuHa6SC90Qv4aL16iBmMUq2zNd46XhBcLgmllt+iSH3z2+rd/8o2+gR7l3ZxO7+OIzzGmXYxa3Y/KBps4NYfJupjL5nKp0SWKPaQlqi6pF3PZQtG/WMxlTEdVTPESFlcgZ2SDt110idWNhNZUFn6lwOC51lBsMZcJwkVmXeLSueQ+Dk2zf0IlSEi8pGmPBRbKPRt+vsS50+0VGX3uchDENCAtjopzvsT5JxBMHbtIl6To76qpD0DEKQc1YOvtSthfItC30jMZ07zZ/pbK9ogHD/n7Dl5sQMyezXK3FHOZbDbne0BYLZRYQpDXf5rXn3eN3i6xYxFCYv0KYXy54BvmyQjpa910vqRkOIQhvQNSzCnvNPnnZkKtMnZHqC4x+icYloKAoC7KJcTwmGEUBTS+jyMrieCkhalRevlc/taEO5RwlHJDyWNSPLUtHME2ixJpt0XIFVosaQxdLAimn4dZl7x79k0XXfLOz954vtfB93G86bUgnVOr1eWpPMofXaD3mIs5LXzd9pYa3j2hXusQZuTAWim7uDugnx6QPpeZ74SlpWzztmCYl8Z6JVA/gjHKV1WXmKLrlE+UIyBBuxysEimaFKZLbP7xy2E6uSwXHlxURUBkj8mjSIZwDNzgSWG8i8OAbJRafq6o3i6Eiww3FL8ctCLoejFPYDO9gSXLDmuxtDHmfTEQTDcPrS7Zerr+k38b6ht4zf7/CfcN9PzNP//dxtaTjvcECIIxGb4tBYLgK8NDq0ue7e7OXJn+5Bf/9OHoyJkPz5z+6enTH5w+/VOJZ0bO/OwfRy9c+uLZs92O9wQIgrHJAyeIDYDgq85Dq0tAEARBEHzlCF0CgiAIgmBaGEuX1OokoUtAEARBEGyG7dAlcwsVEARBEATBUCJeAoIgCIJgWghdAoIgCIJgWghdAoIgCIJgWghdAoIgCIJgWghdAoIgCIJgWpikLvm/V2ZBEARBEARjsx3xEgAAAAAAABdAlwAAAAAAkBZAlwAAAAAAkBZAlwAAAAAAkBa0XJew/3ycfQj9FwAAAACAbkbH4iUHBwf7+/t7e3s7Ozvr6+vJtwwAAAAAgFcN7YiXkNdfvnwpShPESwAAAAAA6OT5ElGaJNwsAAAAAABeQcTRJXu1OkmyAsdACOIlAAAAAAC0XJcAAAAAAAA44rDHSx786vvHThw59smXSRf85Ucnjhw7ceSj6ykpJxpmPjly7MSRY58MdqR2AAAAADAg7fESb9l2XTsfffrDE0eOnfj+xCPvQmK6RC05rp5IqhwZXjMF2guELgEAAABSiXbES7ae7kz9v9+Y+GRjq2GMl1wfDNba058+CG1O+3RJp8uR4TWTuchzmq0KX5ckHkYCAAAAgGbQpnjJ6bPjR5QH+mMnjhw78b/P/Pzly5emXNWJ00eOnTjy0a/UtVxaVr1leHDGTx/wky99XTLox12E1VoUPScGZxqNRqBjlPREyZQNHn/4q6pyxRdVIeVIYQ9fh9ma4EPSJX4M5oe/qprK5JXaWvHJIOl2ViwAAAAAtABtOl+yv//if/2fUUWUvPOjD/ae18RkMgLBoT7fG3SJOV5yYnCGDCqwErxcQho9vVZyYINoQKPRuD7IdAlfvyVrzeVIoR1W5ulPH1hMEkDqko+uN0xlErqEaMWXTEX5DWHFJhzpAQAAAAAB7Ttf8vXu3vf+Z4GLku++++Otpzu2DEbxEUOXqAuzH4nxzlUEX00LuVlPfCov3hScylGOegQiwGiSAGofZ3BGPbwSlKnpEkMrxOpEJQcAAAAALUFb38d5+PjJ//j+e0eOnfjL7/3twv1lU7JGo8HXb5Vs4WxKlwgLtkJalxhKDj066iVQ9lCi6RKrSQK0c68sAalLjnx0XdclplaoUgYnZAEAAIBWot3v49y+V/3L7/3tta/uhqTTNyy8FVTehmg04ukSJV6i1RtBl5CRhqp0MUrcxSleYtIlahylairTNV6iyia1XgAAAABIFB34+yUra5uhyaSTmx78CEoQQtCOX+iv3ZoWdUr32EWAWrJ6LkQ6mfGpmNh0+IMux3S+JI4uiXC+hGpFVXR7yF4VAAAAACSAdP79EvpNV/9llk++FF9s+eFpdUENtjPIxZ6nVLeKwoITcsnu7+N4FnLRYC7H+j5OHF1iKtPpfRxPhXBX48QrAAAA0Goc9r/3CjQPi+gBAAAAgESRzngJkCJ05i/lAwAAAF2JeLqkRpKsAPGSVxyGnSMAAAAAaAFarksavuZw+RcAAAAAgG5GO3QJAAAAAACAC2Lpkuc1kh1tCAAAAAAArzygSwAAAAAASAugSwAAAAAASAugSwAAAAAASAugSwAAAAAASAugSwAAAAAASAs6r0vqtRoIgiAIgmC9VoMuAUEQBEEwLYQuAUEQBEEwLYQuAUEQBEEwLYyjS549r5GELgFBEARBsBlCl4AgCIIgmBZCl4AgCIIgmBZCl4AgCIIgmBZCl4AgCH4h6MwAAAsESURBVIIgmBZ2qS65MP/bd89+q2+gx8J3zn7zN5UrHe8hEARBEOwedqkueev91370X3/63udvDHzx5vsXjvz4wp9zvn/hyMAXb773+RsnP/+zd85+s/b8ecc7CQRBEAS7hN2rS37w2euh7BvoqT3f63gngSAIgmCXELoEugQEQRAE00LoEpVH/uGP+gZ6/upf/gS6BARBEATbzG7XJX/972qA5Jd3/nW9sckSJKBLSoVsRkKuaM/iZcgWSlGqyBXFD+baM0oCU1EOLBey2UJJyBLd8qRoMZv8qVTIZgtl1/JnhvOnxiv+18rk8fzYZfFDbFYmj+ffPirw+ETVOWNzVSdVSK3G+11CtlAmLmcLJZalmFMHpKGQRIZHrVavVcdPvj08nVRpkVjMBQ233q0i6XvZ9d50pWRMpGmK7MTWGAl2H7tal3x3/I/7Bnq+/fd/wETJmx/83n/eK243vv7d6m+/NfyHyekS8UYt5uz3fIwbO0SXSFfKhaxtunevnS/tjvNsSxlVl3BR5VL49Njw6FigGBLWJWIJsgCKkDGR2pPuBWOnSLeAOiBbNYo6p0uKuVwuFwy29OqSKNOUqROhS8Ak2NW6pG+gZ37z9n/cPd830PPW8Dd+vfDLZ43nN59cfWvgtcTOl5DzSzAR82cOloZ/zRZK0kOMNwWIpalzilKUuXZ9JqKnJ6pAn8WcYpJsudDSQk5uQkjJUp5soVQvCp8Da8UyQ32Yy9E2yLXT63R1/OSp8crM8MnJBSWZlH5m2It5sCvCKliZPM7VxvTYUV4OUaOfqzJ5/OTY8ElemlK4/atiDxc6WjKx9umxo0QhMkN1jKMuIZZAKpxgoRBnCpx8cnJ8VL4otvrk2LCiS8TmhLuCdLKLW0qFbLZQKub4LZ+ILglCFaqYUKMX2VwuS9/CIcbYY4p0J5ruRJM91DxANw3sLna1LvmLj37/1/OT9cb+L65+OHHz5/uNF7dWr4pHT1qiS4SJmH2qsweOXFFOL8zXjmIiUrwkTJcQtklNsGsa/pOvJ4o5/ljMSxYv+iwVshnBFZmIbvE+BYUbbKiL0srCyuTxk5MLtdrlUVFnqLrk8qi/BeMrj4WJU+zKwsQpvlLyi0Hh4pLGFUxl8riwuOqF26uWVJF/0VrIzLBf2sLEqaOjM8kMdeO663UJveaF6xIhqiT1he4HudV5F11Cu4KXE9k//uqu6fhmdElw94n3pmEycYvOWqcpioZOpCaQ4L6T7aFmGLppYLexq3UJUx4XK58dNA4OGgdfrV7tG+hJ+H0c4oZnj1A1+c73b0h6tqJ+ddUlMvTnNroEyjaxWJfnP7IKqTR97uPOUT6Ts6TmFlcbanW3rZxASUyPeQsSoUuCxSxYNQNBc2p8guVloRehfO18iSp9LIXbq1af4EMLcds/ijTULWOvJj4Wy90abSPAb1eYyCD2cYxZdFeIF8UywxmMsWJOVdhN6RLyXnCcTKgybdOUmXon2m9zNRyrzzB2MQR2C7tdlzDx8d/LF5e3q4ooaX28RDw4Ju078PRCiqbjJcWcuskSoks023ixYuAhqiaQkulzn5MuMbpFDz43pUuq4ydF3SAvgfSGDhcfbAGbGc6PXfYSaEuaaQvAtMXAC7dX7UsiQ0VaITVRITUhUFzjJXquiPs4tdrlUUOnGPtFiHjZnUy4gm/iRHWRIs3C7laLM4mRrNyY4ZOJrZbI8RJDJ9pvc1WXUDMM0TSw6whd8voPPnv92z/5Rt9Aj/JuTqt0SbCoa3GImqoMbLHf6Ps4ZS+Mqv1E6xLrpNmxeInVLcnGS+QF3lvYHOMlLP3E5HEeKZkYU7cAXHRJO+IlApUTMM0MddOiyCMHPqUNNad9HNueWnPxEtIV0WIk9G3Cm+moS/RbQ9fcNffJJKzLbNMURVMnRouXWG2zGwAeakKXtPjvqqk3vHSO3bAFS0oQdesnEBnOukQ6vWEvKuQUiPv5EkIThJ0vseoS0i3BRe9TUKNZl4SeL1mYOCWtZGwrx+18ifc5/7Z+yiSgky5p7nyJn9JWiGJzq3WJ+q5HxHOvqp4gYz+Uc1T/BwpyYeLUUasr6P4NY7mQlQYYW8tddYnnJuG+oO4a+7Gt+Lok2vs45O0Zag+RwNA0sNvYpbrk3bNvuuiSd372xvO9lv79Eu01FuHWLQcRzVzOX275xWyhoO0is8qsa0OpwM+BWouibBPodI7PqAnC3sex7uNQbhEbTryPY7BBrp14O0aPOpwan3Z5H4cXKLyJ4/4qB/H+sFI422BK7H0cdVuEZJz3cVT4g1+M4Uc+X8JEnvSWjW3ny/A+jlDO8YnJ4RBX6P4MdUupkKV2RoquuqReU91EXVfFhGkyCemykGmKJNmJ5J1IPxiQM4yhaWB3sRt1ydbT9Z/821DfwGv2/0+4b6Dnb/757za2nnS8k9JIMqr86jDC3y8BQRAE28hu1CXPdndnrkx/8ot/+nB05MyHZ07/9PTpD06f/qnEMyNnfvaPoxcuffHs2W7HOymdfIWX9ldcVIGHh1RUKfkjn7FraY95ICizG3UJCIIgCILpJHQJCIIgCIJpIXQJCIIgCIJpYSxdslcjGU+XzC1UQBAEQRAE5xYqndclHZdmIAiCIAimhNAlIAiCIAimhXF0ye7ec5LQJSAIgiAINkPoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE00LoEhAEQRAE08IIumRvb293dxe6BARBEATBFnFnZ2d3d3dvbw+6BARBEATBDjNEl7x8+ZLpklqtBl0CgiAIgmBLyXVJrVZjuuTly5eSLjk4ONjf32e6hB8xefr06dbW1sbGxvr6+pMnT1ZWVh4/fry8vPzw4cOlpaX79+9XKpVKpbKwsDA/P3/37t25ubk7d+7Mzs6Wy+VSqXTr1q2bN2/euHHj+vXr165du3bt2u98XAUAAAAAIMXgSzZbwa9fv37jxo2bN2/eunWrVCqVy+XZ2dk7d+7Mzc3dvXt3fn5+YWFhcXGxUqncv39/aWnp4cOHy8vLjx8/XllZefLkyfr6+sbGxtbW1tOnT/nhEqZL9vf3Dw4OaF2ibOVsb28/ffp0c3NzY2NjbW1NlCYPHjxYWlqqVqvVanVxcZFLE65Obt++zQUK+7dUKn311Vf8XwXiT/q/9sSWlPbCE0ncZOEWRErc0sLdbYiRvnWJI6VsaWLgcOArA9xT6untKU2Jo1qbYOLQtsdO7+LYpBJb0kdtYNvQcWPKPmZnZ2/fvs0Vyd27d+/du8dECVMFS0tLDx48WF5efvToERMla2trGxsbm5ubT58+3d7eVjZxCF3Ct3JYyER8K2d7e3tra2tzc3N9fX1tbW11dXVlZeXRo0c8asICJ9VqtVKpcIEyPz9/DwAAAACAQwq21vMYSbVaZWESHilhomR1dXVtbW19fX1zc3Nra4uJEv4mDguW8E0cVZfwrRymS3Z3d8XdHC5NeNSEqRMmUB74WAIAAAAAoGvABQCTI0yR8O0bUZTwHZzd3V1Rl/BgiaRLxJAJ381h6oRv6DB1wo6bMIHCsAoAAAAAQNeDCwMmR9jeDVMkfPuGHSvhOzhisETVJTxqIm7o8GOwLHbCNQoAAAAAAIAFTIuwGAk/6Cpu34iRElqXcGnC1Um9XmfvDwMAAAAAAMQGUxRckeiihNYlpFIBAAAAAABoEqGS4/8DzbxHgCqLxe8AAAAASUVORK5CYII=" />&nbsp;</P><P>Allowed protocols list named TEST:</P><P><IMG alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAt0AAAM7CAIAAAAZP7uOAAAgAElEQVR4nOzdTY/c1qHn/0YHXgXIO8jCtc6y3gZX8szNNiBuxlG24brjIAEu4KkEmesVAQMCjMDwePK34XYlmIjJVUZ2bMmy9WRJVklUy3pWt/UsS92SbP4XLJLnmSzW06mq7weEUMU6POeQ3VXn14dkaS0DAADww5rthe8BAACmpmku+f7771+8ePHs2bM9AACAKXj27Nnz58+/++67mlzy4sWLvb29p0+ffvvtt48ePXoIAAAwUY8ePfr222+fPn26t7f34sULay55/vz57u7ut99++/Dhw/v379+9e/ebb77ZAQAAmJBvvvnm7t279+/ff/jwYZ5Onj9/bsglL1682N3dffz48YMHD+7evbuzs3P79u2bN2/euHHj+vXr169fvwYAANBKniVu3Lhx8+bN27dv7+zs3L1798GDB48ePdrd3S1nTYa55Lvvvtvb2/v2228fPHhw586d7e3tmzdvXrt27euvv758+fLW1talS5dSAACAVi5durS1tXX58uWvv/762rVreTr55ptv7t+//+233+7t7eXXmqyVZ3CePHny8OHDO3fu3L59+8aNG1evXr18+fLFixcvXLhw/vz5r7766iwAAEArX3311fnz5y9cuHDx4sWtra2rV69ev3799u3bd+7cefjw4ZMnT/KzOWv5DTjPnj17/PjxvXv3tre3b9y4ceXKla2trYsXL3711Vdnzpw5ffr0yZMnT548eeLEieMAAACNnThxIk8Rp0+fPnPmzFdffXXhwoWtra0rV67cuHFje3v73r17jx8/fvbs2ffffz/MJXt7e/lkya1bt65evbq1tXXhwgXjjcUAAABjyqPJ1atXb9269c033zx8+HBvb6/KJbu7uw8ePNjZ2bl+/Xp++uarr76ad58BAMByOnfu3MWLFy9fvnz9+vWdnZ0HDx7s7u5WueTp06f379+/ffv21atX0zQ9f/78l19+Oe8+AwCA5fTll1+eP38+TdOrV6/evn37/v37T58+lXLJvXv3bt26deXKlYsXL549e/bkyZPz7jMAAFhOJ0+ePHv27MWLF69cuXLr1i1rLvn6668Hg8GXX375xRdfzLvPAABgOX3xxRdffvnlYDD4+uuva3LJ+fPnT506dezYsXn3GQAALKdjx46dOnXq/PnzjXLJyZMnjx49Ou8+AwCA5XT06NGTJ0+SSwAAwPyNnEuOHDky7z4DAIDl1CaXnNy6wsLCwsLCwsIy8eXIkSMj55Lnz1+wsLCwsLCwsEx8IZewsLCwsLCw+LKQS1hYWFhYWFh8WdrkkmfPX7CwsLCwsLCwTHwhl7CwsLCwsLD4spBLWFhYWFhYWHxZyCUsLCwsLCwsvizkEhYWFhYWFhZfFnIJCwsLCwsLiy8LuYSFhYWFhYXFl4VcwsLCwsLCwuLLQi5hYWFhYWFh8WWZZC6p+S8Ct7e6b24N8n8n9d8OTra2xWodAIClM9Vc8qj35v9bK0fuGeSS7a3uf/y/teFypt+ihnFaNxYo+tM9/Gjy9Y+0ua22Nq3cDqvjXCxvbg3OnhHXDHdZXbll3rb1bgIAlsg0c8n2VvfNM+Gbx3rb5dPp55Ly6dkzjUa7KeaS2+F/FPue3Q7fv92ukfYa7pq52KPem/XBbnD4mBS58ggi7qm+xrYtAABTzSWDw8e6hx/13y/GHiWXVHMJZ/qZMDpub3WHUx3F0FiVFCKO8U9taYi9Hf7Hmf72VvfNrd77QivSbMqj3pvCH/fqq5k4MRCetfY5H2K1v/tvh/qcjbIvYveqHZc6P3B1Y3hAzB2whDa5sHwEJLfDupmM2lziCB/kEgCAbnq55FEvnykp5y2kXHI7zIfYfHx6/3Y5ig8OHwvfPxOezbLsdjgsWYzW2raO+ZLB4WNreXNlYUOj4ib6q496b5bbmgqUe1T0sP++FET67/8/eZzW9kXqXtZ/v3h89kxVv6EbeiWmDhgPjl7YPa2SZyDLZI85l4iZyXhmx7gtAABTzCXSeF/NDQz0sznFSNl//1hvO+u/f6a/vdXNR+X8X+laBHEWwXl9iRiG9MLl8CzO0yivOk4SSQXyyQz7WY9yFsG9L1kRR4pDYT7zpVdi64C5/1rhJqd7zp4x7mD9eZwsUy9GKV4llwAAdNPKJdXJAvEsiTOXDA4fC8/mcySPem+e6Z89MzxnoYya7lzSsPAkc0nOnU6U8zK2DuenrvKDYM8l5hhRFzhsvZ34fIntSpq8KnFCi1wCAJC1yyXPjYtQrXzqIT+VU3MeJ8u2t8I3j+UD1eDwmfD9M73tTDx7UqiuJx2erClfqRn4LedxhmN5+/M44XBwLU5dlU2XI7R+BsrS4fw0lnRFjr0bZSXWDpjO46iFpetalOM87vUlEvlVcgkAQDedXKIOt7fD/zjWO+u87rUslg+r4t00+tmZ4qqF7vtnRpgvMTc6vArEfN2r0LT9utfqPIU8ylaXlFqv2DV2WL2extGN/IBYOiCd8VHOOkmFqyMgdb7t/ThC/cMrbLi+BADQzJTmSwAAAEZGLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfNEml+w9f25c5r0vAABgsZFLAACAL+aUSz794yuvvPLKK3/8tHwwrR20tDub5iZroTsPAEADrXLJs+fGxdjAcDBVxlPvcknVzcKv/ny1RQNX//yr9hvXIJcAAJbdtHOJON4LA6qvuWSYJ4pej94tcgkAAO1NOZfI0xDViGrJJVLxorSpyHDcl1PA8Jk23aHPhdTlEjGYFLUWDx1dlTpQu1+GTdTm5fLigZD3aSoxCACAmZtuLrFOixhekDKG+ER6oRiPxWe/+vNVOa+IrcnRpeF8iSmX/OpXv1JW6V01zZc4CmuN/urPVx3lbUcz3w4AgMU3zVwizDSogUAfYq3JpaxHeCg9EwZzfYrF1q7aV3MuEaoWooajq3ousRcWD4/WEVPlxcM//lHpEAAAS2KKuUQad5XRXYsjf1bHc3GAL+dCrv75V6+88qs///mPr7zyyh8/FcKIfqom3+JTpdpmucTY83IbLXpYJ3fchT81xQtX5cqxKnHBCQBgWUwvl+gXWwjD8Gi5pAwmf/6jFk+kyy20EVod5ke4H6coM+1cIvelSS75VD+4RBMAwFKYWi6xDefiDEjD8ziZFBvKYTm/4MMww+HoRdPzOK4dmfB5HKXJBudxPtWLc04HALAUppVLDEFBDCajXPcqbltUWOYUdSZECgTaYG6LL6PlEmdXtfAw+ete//hHdTKHWAIAWA5TyiXGACAEk1HuE1a3NTyVyyg1CKuFe2oUI+USd1cNX9ky2fuE/yifcyKUAACWxtS/7xUAAKAhcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5ZOr2hftZWFov8/79BYCZIpdMHUMLWuOXB8CqIZdMHUMLWuOXB8CqWa5cMuh119bCvrJGWjF7DC1ojV8eAKumTS7ZffbcuMx7X4a5REom5BIsMn55AKya5cslYb8fVlFEzCXD1CIml0Gv2+31wnxltzfI+sLjoWJV23zD0ILW+OUBsGra5ZJnxmXe+1KlkCqZVLmkH5Zho1opnPjJU0v1eFhBuVnrmRd9aImDjiqI01RfHcRpvkUSVSujJMuyzFC6Ko5lQS4BsGqWM5dkWT90pYkytwx63XJmRHxcphEhzWTiPMwIrENLGgfDkGF6WkmiTvVCGgdS/rBuhWVALgGwapY1lxQpQ84l5SmZtRFyiUg4vdPYuLlEXZ9EYjAhlyw1cgmAVbO0uWSYM/rieRz95E6TXDLuZbNjz5ekcWA/R0MuWWrkEgCrZolziXx7jnoBbHmax51LjI9GM0ousV8vUl1hIicUcslSI5cAWDVLnUvkLzSpbsfphmG3TCs1uUQ4ldMqlUxgvkTfivM4q4JcAmDVLFcu8dK4uSSJlNXSCnLJUiOXAFg15JKpm+z9OFz3ulLIJQBWDblk6tpfX1LFEfH7S7i+ZIWQSwCsmla5ZO+ZcZn3vniKoQWt8csDYNWQS6aOoQWt8csDYNWQS6aOoQWt8csDYNWQS6aOoQWt8csDYNWQS6ZuX7ifhaX1Mu/fXwCYKXIJAADwBbkEAAD4glwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5JKpm/sXYLCweL7M+z0KwCPkkqnjYxdw4A0CQEQumTo+dgEH3iAARHPKJYNed00S9ie9Z4Ne11Fr+aq72CTwsQs48AYBIGqTS57uPTMuIzSrpoF+OI1oMkIHpoiPXcCBNwgAkSe5JMsGvW63Nxg+6Yf6NEq5Tgs0a2tra2vd3iCvJAy7a2trYb9qoh+uhb3hBE3ehlC/1BOt3UGv2+31DL0ZAR+7gANvEAAib3JJ1g+HoaF6JJTqh8UjYaX8erc3GPS6a/qL/VAKJPLpG60OrQfayhHxsQs48AYBIPInl5QTJuL4X8YRUygwTrqIUx1CLpEmQAbGXFJFn6o5c4Wj4WMXcOANAkDkTy4pk0d1wkY48yJeKiusUbKKNZdIp4jCvimXSF3S4ou5z43wsQs48AYBIPIml0gnUZzDv+k0j6Facy5hvgTwC28QACJPcol0P47hOg/l3M7wsXapif08jhpRRri+hFwCTBFvEACiOeYSx/eXyHfZyKtq7sexzJfkd+msSRMnze7HIZcA08QbBIBoTrlkptreSDMhfOwCDrxBAIjIJVPHxy7gwBsEgGgVcsmc8bELOPAGASAil0wdH7uAA28QACJyydTxsQs48AYBICKXTB0fu4ADbxAAona5ZM+4zHtfPMXHLuDAGwSAiFwydXzsAg68QQCIyCVTx8cu4MAbBICoVS7Z3TMu894XT/GxCzjwBgEgIpdMHR+7gANvEAAicsnU8bELOPAGASAil0wdH7uAA28QACJyydTxsQs48AYBICKXTB0fu4ADbxAAInLJ1PGxCzjwBgEgIpdMHR+7gANvEAAicsnU8bELOPAGASAil0wdH7uAA28QAKI2ueTJ7p5xmfe+eIqPXcCBNwgAEblk6vjYBRx4gwAQkUumjo9dwIE3CAARuWTq+NgFHHiDABCRS6aOj13AgTcIABG5ZOr42AUceIMAEJFLpo6PXcCBNwgAEblk6vjYBRx4gwAQkUumjo9dwIE3CAARuWTq+NgFHHiDABCRS6aOj13AgTcIABG5ZOr42AUceIMAEJFLpo6PXcCBNwgAEblk6vjYBRx4gwAQkUumjo9dwIE3CAARuWTq+NgFHHiDABCRS6ZuX7ifhYXFscz7PQrAI+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS4BAAC+IJcAAABfkEsAAIAvWuWSp3vGZeqd7Ydra2trYb96MEWDXndtba3bG0yzkYmYxdEAAGAWvM0l+WArj7de5JKyY0OjJpfJ951cAgBYFr7mEmH0rwZcj3JJvj4vM1o0IZcAAGDTJpd8+3TXuEyuV0Um6MvZwJxLxAmMYVFDdsgLG16Qs4+40hw5xCqEyqW+iY1J9ajV20s690wuKRwNaTKHpAIAWDRTzyVraz+3LdZOVVMV8qSFnkuk19XNpKG62xvoJcK+dbNG8yVaLul2h88tHcv02Q1bSamdftjtDdwl9TbJJQCARTOL+ZLRQok8UpuHdONIbM4z/XBtLQzD6kn1QJ5wUWtrkkuGmSfsKzFC3Vh8quQSW0n95Iy1zqKomMAAAFhEMzqP0zyUaONvmSXqc4kw5hfzIYNetzgfVAzcVYqQdHs9KQo0ve5VCTfmjbVTLbZcooQMRy6xzh5VO0Q+AQAsmNldX9IslBgjg5wmmsyXFHEmDLvViJ2fZDGFA33zhudx1NWWXDKb+RL1EBJMAACLZqbXvdaHEuOwr08MKBMfpss4lBuN1duO9UFevVrFkj+a5RJHx7S8YympXMcSiqehTCXDfj+UMxXXlwAAFo1v9+MYR33t3Ebd/TjievlGFqGAcm+McA1sXrI7xnyJs2P6jUCTuR9HmmlisgQAsIB8yyUAAGB1kUsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfEEuAQAAviCXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwRZtc8vjprnGZ974AAIDFRi4BAAC+IJdgUT3Z3b105dqRE6f/dvhffzv8ryMnTl+6cu3JLr+HALDAWuWSJ7vGZd77MoL4rbf3hfvdS/zW2/PuJqzu3n/w2akvj585d2N758WLF8+eP7+xvXP8zLnPTn159/6DefcOANDSiuaSfeH+81dvu5d94f55dxNmT3Z3Pzv15WDrcpZlz58/f/31//nKK//t7t27WZYNti5/dupLZk0AYEGtbi6xvfT6RxefPHvhLmOQxkFHEsTp+P0cSxoHnShxr5lNJWqN4x6bS1euHT9zrnx6+euvjx49uru7lz89fubcpSvXxmoAADAn5BLJwYvb6xubP333c0cZM3W0TqK5J5PlzSVHTpy+sb2TZdmzZ8+uX79++PDhnZ2d8tUb2ztHTpweqwEAwJyQSyqP9p6//PtkfWPzwPErtjJW6mhdPE/jIIiioNMZvppEw/kUJcQokyymYuW62pXmLilrmjRhKmPNJe5dK1eWuSSNg04niFOxwupxEnWieDgJpeaYvx3+1+7eXpZlOzs7Bw4c+O//9m//+913v/vuu/zV3b29vx3+l6GDAADvrXou+cel6u/sVz84ub6x+bP3TihlGlFG6zQO8tE0jYOOlAWGY2z1SNiyWFm+KL82fFS30tIlc1PKI622xvMlpgpt+xvEqfkAyLmkCCRJpKSuMpd8//33B5Nk3yuvHDp0qHyVXAIAi2ulc8kbR7bWNzZ/c+h8lmUHL27/4NebP3njUH5xSTb29SWmvFAN/NVAbRjmxXNA5SbGE0POs0Val+SJED0smWprmktsFeor0zgIgkBoyZ5LhLVSx8rzOI8fP/5f//mf4b//+4ULF8pXOY8DAItrpXPJtQdPf9w7+NJrH75z+vrLf0h+9Lu/ntt5pJRpynZ2wzzoZtVYa7jcojqbIp3FqHKGsIFxpa1L5RpjT4y1Ncwltl2znL4J4jgq+2vNJdUeiQEnE657vXr1yv949dVf/vKXp06dKl/lulcAWFztcslT4zLvfRlBmTmOXLv3w9/+ZX1jc31j80+nrhnLNNIkl4wwX+K8sLTh1IkrUhhnMky1TWe+JE6FNFSfS9TsJt4n/P7777/zzjtbW1v5S9wnDAALbdVzSZZlH3x166XXPvzFh6e+t5ep1yiX1F1fUjw0FFPO7ThWOrrkvr7EWNvUri8RHsjHQry+xH4KS/xetd29vd29Pb5XDQCWALkky7LsvbM3d1985y5To1kuGf1+HOlchn7rjXGltUt19+OYastP7SiX9BovpRn1fhzppqVib2Pxepr8Ribbd8HwPfQAsHzIJWOVwdR48AUwAICZW9Fcwv+P4z1yCQCsohXNJQAAwEPkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfEEuAQAAviCXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwRZtc8ujJU+My730BAACLjVwCAAB8sdq5ZNDrrq2tdXuDJiXDfrlJky3qq+qHa2tr+cPZbT7UD9cko+1R2YcxjbULAIAltNK5ZNDrrnW73fpBWRg/x80lYw7FkxrJpXr64UjJZHJpglwCAJCtci4Z9Lpr3V6/1xXGRmGILgbNfFKlmFXIc0m3q04zVKWKdXnJMOxWa+WqxFFZfkWtcoTNHa2L5ERQha18//PdU9rM69A6qjdt2R1DSTXvDZFUAGBlrXAuGQwDyUAMJoZckhnGz25vMHwU9jNpEqUqaixprtW0Mk9NA+s2xs2rjphbLzlziRLT7LtYX8DdSWlnxY3HOlEGAFhcq5tLqjgiBpNmuUQpIJ3bsY619mDhOJ1RXQdirUlqvXxiyRFSve4wlllqNmcR4YmpvZqSw9kSJkoAYNWtbC4RB0p1sG+VSyT2ZGALFtqYLAzV7k7JV7wY1lpziUCKKMZcYopRxgLG3TFXpc28cCYHAFbcquYSPUoIZxvGmi+Rm2g9X+LKTZOeL7Gtn918ifaTIZgAwGpa0VyiDH7VU/OVFjW5RFypXOHRKJeY6hd6mPfEXpPxQpdJ5JLaS2gaFrBejSMnMz2FAQBWTatc8u1T4zLvfWlO+5tcSwFra2FoOMkwPEthGO+F0xDiPTKWK0XX1tbCvuV+HH2V2JW6zfXpjTFyibFmsQ+WAua7a5z344gHkKteAWBlrWYuAQAAPiKXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS4BAAC+IJcAAABfkEsAAIAvVjSXxG+9vS/c717it96edzcBAFgtK5pL9oX70xs77mVfuH/e3QQAYLW0yyVPjMu892UETTJHq1ySRJ0gTotnaRx0okR80FoaBx2J0IyxXVvhNA7KZ/JWwzUlucPiK+VGE9xBAADIJWOWUSVRFEXVUD/hXCLWIEcKW7t6YTmWSFtlSSSEkTQOxI3EmJJERTQhlwAAJopcMlYZWT7mJ1HNdEI585CvEV4Ts4Ayl6EO/OJze7t64SQSGnNvVfZAn1YpipJLAAAT1SaXPPz2iXGZ976MYCq5pJiKkIZ+bdiuBvniUTmFkZ9+KdOKlAWUgV+ZzbC1qxVWY4m4Jm9fSSCZKZbovSKXAAAmYYFzydraz1tvO41cUiWJcqg3DNtCDNCCSRIFcRwVExFyFtAuGRFPuJjaNRauyhq2KjulXEWiFFD2mVwCAJicxc4lraPJFHKJkgXk0do8fpfZIB/5k6gTJcMCWhawDvzOdvWyVSwxhhylYnk+x1yGXAIAmJiFzyXtosnkc4k8eCflrEeT+ZJ8bRwH5UxJrE1R1EcNU7sKcUJF30rLQsUKri8BAMzIMuSSFtFk4rkkzUNFKR/Sm11fMnws3uOiz2BYBv6admViLDFsJd+PI/aP+3EAALOxJLlk1Ggy6VyiDvTDQT1pcj9OUYF4PYc+xpsH/rp21cJlmjBtlYp9M31DCt9fAgCYsiXJJaNuO7XvVQMAAO0tQy5psS3/Pw4AAB5a+Fwy40YBAMD0LHYumXGLAABgqhY4lwAAgCVDLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8EWrXPL4iXGZ974AAIDFRi4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHyxorkkfuvtfeF+9xK/9fa8uwkAwGppk0sePH5iXOa9LyPYF+5Pb+y4l33h/nl3EwCA1bK6uWQiZTRJ1AnitHiWxkEnSsQHY0qiTqlsR69cXaP3SiK8BgDAPJFLxiqjSqIoiqphfqK5JI2DjlBJEhWBojaX2HpV1UQyAQB4gVwyVhlZGgdBnCaRPpMhRYFy0iNfI7yWxkEZEdS0oKeHYsOaXGLvlak0AABzRC4Zq4wkDwBZlkRizlBzSZUvikfFdsMTLGVaqYklYruOXOLoVVWY+RIAgBcWOJesrf289bbTyCVVkigjgCGXVPFADyZJFMRxVMyByFlB3E5vuKOrQoipV6aiAADM22LnktbRZAq5RBnt5ThiPqFTZoY8MiRRJ0qGBbQYogUVuWXbfImzVwAAeGbhc0m7aDL5XCLnhqSc9WgyX5KvjeOgnCmJ9dmRVteXuHsFAIBnliGXtIgmE88laR4qSnkEaHZ9yfCxeHuN6dxKi/txanoFAIBnliSXjBpNJp1L1AAwDB1Jk/txigrEO3FsuWG07y+p6xUAAJ5pl0u+NS4z7rpX8yUAAGB8y5BLWmzL/48DAICHFj6XzLhRAAAwPYudS2bcIgAAmKoFziUAAGDJkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC9a5ZJH3xqXee8LAABYbOQSAADgC3IJAADwRZtccv/Rt8Zl3vsCAAAWG7kEAAD4glwCAAB8saK5JH7r7X3hfvcSv/X2vLsJAMBqWdFcsi/cf/7qbfeyL9w/724CALBaVjeX2F56/aOLT569cJexS6JOEKfFszQOOlEiPmgtjYNOR6wjicTnSdQp2RsSS5Xd1PumrtF3SiK8Zuv5ePsOAFgZ5BLJwYvb6xubP333c0cZlySKoqgapyecS4IgKqtOoiAo6kwiIYykcWBMCmkciJEliYpAUZtLbDtV1WRPJsMkRC4BADRCLqk82nv+8u+T9Y3NA8ev2Mo4pXEQxGkS6VMR0lhezlrka4TXxEyhDPdpHHSEeJDGURRZQo8xKOgri81qcol9p8TScRxIySWI03w/gzhhvgQA0NSq55J/XNopV776wcn1jc2fvXdCKdPUcDjOkkjMGWp0qAJC8ajYTjpXk4oDfVlDEhWvRsJ4n8ZB3dkUx6SGO5c4dqoqHMSp0F+l65zHAQA0ttK55I0jW+sbm785dD7LsoMXt3/w682fvHEov7gkGz2XVMNxOYYbckk1vuvBJImCOI6KSQw5R+Q1pHEwfDVKtLMtrus9xGb1fnd0VQgx7ZShqJiuDIlqpEMJAFhVK51Lrj14+uPewZde+/Cd09df/kPyo9/99dzOI6VMY8pwLccR8wmdcgTPx/wk6pRpQ8sRw/VpHMVplkRRYh3vi5NBVVDJC7eZL3HulF5PEKe2RNXsIAIAVtxK55Isy45cu/fD3/5lfWNzfWPzT6euGcs0Ig/HSTnr0WS+JF8bl3Mh5ayJXH8nSoo5lWEAyAtpGcY0OdLq+hL3ThkPQaIFIPnAiFcAACAASURBVHIJAKCxVc8lWZZ98NWtl1778BcfnvreXqbW8ARLKR/Dm11fMnws3h+j38EippDy7I/pfhzbtSQt7sep2SnTQTCcRiKXAAAaI5dkWZa9d/bm7ovv3GWc1BF8GA4S4+kb5X6cogLxThx9IK85JWT8ZhLNaN9fUrdTxsOgt04uAQA0Ri4ZqwwAAJigFc0l/P84AAB4aEVzCQAA8BC5BAAA+IJcAgAAfEEuAQAAviCXAAAAX5BLAACAL9rlksfGZd77AgAAFhu5BAAA+IJcAgAAfEEuAQAAviCXAAAAX6xoLuH/xwEAwENtcsm9R4+Ny7z3ZQT7wv3nr952L/x/wgAAzNjq5hLbS69/dPHJsxfuMnZJ1AnitHiWxkEnSsQHraVx0OmIdSSR+DyJOiV7Q2Kpspt639Q1+k5JhNdMfa7pEwAAlVa55OFj4zLvfRmBLXMcvLi9vrH503c/d5RxSaIoiqpxesK5JAiisuokCoKiziQSBv40DoxJIY0DMR4kUREoanOJbaeqmozJRFhv6xMAADJySeXR3vOXf5+sb2weOH7FVsYpjYMgTpNIn4qQxvJy1iJfI7wmjt/KcJ/GQUeIB2kcRZEl9BiDgr6y2Kwml9h3Siwdx4GUXII4jpTZHaZMAAC1Vj2X/OPSTrny1Q9Orm9s/uy9E0qZptLh2FyNwaZcUgWE4lGxnXSuJhUH+rKGJCpejeKkrDONA8fZFKVVU7cducSxU1XhIE6F/qpddzcPAEBlpXPJG0e21jc2f3PofJZlBy9u/+DXmz9541B+cUk2ei6phuNyDDfkEnHiQA0mSVROM2hje15DGgfDV6NEO9viut7DMV+hXS8iXhBi2SlDUTFd6V0nlQAAmljpXHLtwdMf9w6+9NqH75y+/vIfkh/97q/ndh4pZRpThms5jphP6JQjeD7mJ1GnTBtajhiuT+MoTrMkihLrNStFDKiCSl64zXyJc6f0eoI4VVuqrmMBAKDWSueSLMuOXLv3w9/+ZX1jc31j80+nrhnLNCIPx0k569FkviRfG5dzIerFGZlQQz6nMgwAeSEtw5gmR1pdX+LeKeMhSIRNlEttAQCos+q5JMuyD7669dJrH/7iw1Pf28vUGp5gKeVjeLPrS4aPxftj9OFcTCHl2R/T/Ti2izla3I9Ts1Omg1CdRiKUAABGRy7Jsix77+zN3Rffucs4qSP4MBwkxtM3yv04RQXinTj6gF5zSsj4zSSa0b6/pG6njIdBiiWmK1YAALAjl4xVBgAATNCK5hL+fxwAADy0orkEAAB4iFwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL5Y0VzC/48DAICHVjSX7Av3pzd23Av/nzAAADO2urlkImU0SdQJ4rR4lsZBJ0rEB62lcdBRCA0Z2rUWlcoInUqi4rm2udh1+cXxdgoAABm5ZKwyqiSKoqgKARPOJfYabO2WL+vJJI2DThBE5eokCgJLb5NICCBJRBgBAExLm1xy9+Fj4zLvfRnBdHJJGgdBnCZVQDDnkiSSJhuE19I4KAOEkiVcucTermPjNA46QphJ4yiKrCkqb0F+BADAxJFLxiojKYbsakbBlEuqvFE8Kod68dSKOv47comj3Wpb43xJlCRR0VwUJ47ZnbLXZajiLA4AYPIWOJesrf289bbTyCVVkigDgiGXiKdB1GCSREEc569r0xL69SXVTIexXesFIkKFUZLGwbC5KHGddSoakSIOcycAgAlb7FzSOppMIZcoWUAe4M1Dfjmu54EiiTplONCu4rDOlzjblVVzHVFSlEnjKE6zJKrWuOdL1LVMmQAAJmjhc0m7aDL5XCLPHSTlrEeT+ZJ8bVxOXZSzJnL9xgzgbtfd4U6UFJM0QZy6cok5lpBLAAATtgy5pEU0mXguGZ4PKeUjdrPrS4aPizMz2g28RQOWszGudt09zsskUac8nVR7P44UUNTGAQAY05LkklGjyaRziT5CJ1EnsFxJqtyPU1Qg3omjpwrD95dUl4dY23V32XWyqcn3l3BxCQBgwtrlkkfGZcZd92q+BAAAjG8ZckmLbfn/cQAA8NDC55IZNwoAAKanVS558Mi4zLjrhBIAAJbMAucSAACwZMglAADAF+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL5ok0vuPHhkXOa9LwAAYLGtaC6J33p7X7jfvcRvvT3vbgIAsFpWNJfsC/enN3bcy75w/7y7CQDAalndXDKRMpok6gRxWjxL46ATJeKD1tI46CiEhgztWovaqusEcWrtZxJV5cbbEQAA7MglY5VRJVEURVUImHAusddga7d8WU8mxpLmVpJICCNpHNgqAwBgTOSSscrI0jgI4jSpAoI5l5RzD/ka4TVxzFeyhCuX2Nut3bhJLmmecgAAGA+5ZKwykjweZFkSiTlDzSXVqF48KrYbnlwp04o0+DtyiaPdattx5kvSODCcCgIAYOIWOJesrf289bbTyCVVkigDgiGXVOFBDyZJFMRx/roaSwwXhBSvW9qVWM8ANcolRWdtF6sAADAhi51LWkeTKeQSJQvIccR8QqdMFHmgSKJOlAwLiPGlrN6YGJztyqpoIV0t0iyXSGWIJgCAqVj4XNIumkw+l8gTHEk569FkviRfG8dBOVMSq7HEmhjc7Tbpdm0u0TKStgIAgMlYhlzSIppMPJekeago5UN3s+tLho+LEyTiVSZSA6YwUNNuk36PeD8O170CAKZnSXLJqNFk0rlEjQfDwTtpcj9OUYF4J475phhVlNS126TjajeMV6aI319CKAEATMuS5JJRt53a96oBAID2liGXtNiW/x8HAAAPLXwumXGjAABgehY7l8y4RQAAMFULnEsAAMCSaZVL7j8yLvPeFwAAsNjIJQAAwBfkEgAA4It2ueShcZn3vgAAgMVGLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8EWbXPLN/YfGZd77AgAAFhu5BAAA+IJcAgAAfEEuAQAAviCXAAAAX6xoLonfentfuN+9xG+9Pe9uAgCwWlY0l+wL96c3dtzLvnD/vLsJAMBqWd1cMpEymiTqBHFaPEvjoBMl4oPWjDWkcdBRCK0bOmMtCgCAD8glY5VRJVEURdV4P4tcYq/W1pnyZZIJAMAz5JKxysjSOAjiNKmygDmXJNFwwiJfI7yWxkGZFZTYMHIusXemwcYAAMwFuWSsMpI8CWRZEok5Q80lVd4oHhXbDc+0lGlFms0YNZc4OlNty3wJAMAv5JKxyoiqJFFmAUMuqXKCHkySKIjj/HU1ljS9vqTYyNIZCZMlAADfkEvGKiNQhn05jphP6JThIc8OSdSJkmEBMb6U1TefL3F2BgAAX5FLxipTkSc4knLWo8l8Sb42joNypiRWY8loucTdGQAAfEUuGatMKc1DRSnPAs2uLxk+Lk7CiFeZSA00ziU1nQEAwFfkkrHKFNQkMAwdSZP7cYoKxDtxmlxKMowaqiip6wwAAL4il4xVBgAATNCK5hL+fxwAADy0orkEAAB4iFwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOCLVrnk3kPjMu99AQAAi41cAgAAfNEml+zce2hc5r0vAABgsZFLAACAL1Y0l/D/4wAA4KEVzSX7wv3nr952L/x/wgAAzNjq5hLbS69/dPHJsxfuMnZJ1AnitHiWxkEnSsQHraVx0JEMm9HWd8QOGPpjLQoAwNyRSyQHL26vb2z+9N3PHWVckiiKomqwn3AuEWsoAoe7Zlt/lEoAAPBDu1zywLjMe19GYMwcj/aev/z7ZH1j88DxK7YyTmkcBHGaVEHAnEuSaDhbka8RXkvjoAwKSmZQI0Xx3JVL7P2xVAoAwHytei75x6WdcuWrH5xc39j82XsnlDJN5TEgy5JIzBlqLqnyhjDlka/JT7OUaUWaylAiRJlgHNHC0R+lEgAA/LDSueSNI1vrG5u/OXQ+y7KDF7d/8OvNn7xxKL+4JBs9l1RJogwChlxShQQ9mCRREMdRMQ0iJwbt0hAhapivGbH0x1QJAAB+WOlccu3B0x/3Dr702ofvnL7+8h+SH/3ur+d2HillGlPGfDmOmE/olMkhDw5J1ImSYQExvpTVm1KEdb7E2R8AALy0kLlkbe3ntqVhDWXmOHLt3g9/+5f1jc31jc0/nbpmLNOIPMGRRPLFH+75knxtHAflTEmsxpKRc4m7PwAAeGkhc0lmiSbNNxczxwdf3XrptQ9/8eGp7+1laqV5qCjlQaDZ9SXDx8UZGPEqE6mBUXJJTX8AAPDSouaSTIsmI22rZI73zt7cffGdu4yTGgOGoSNpcj9OUYF4J46eHly5RBUldf0BAMBLC5xLMiGajLphk8zB970CADBji51LsixrEUoy/n8cAAC8tPC5BAAALA1yCQAA8AW5BAAA+IJcAgAAfEEuAQAAviCXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS4BAAC+aJNLtu89MC7z3hcAALDYyCUAAMAX5BIAAOCLVrnk7gPjMu99AQAAi41cAgAAfEEuAQAAviCXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS6ZiUGvuybp9gbG9eUrWZZlWT8Un9oqkVoJ+1PdBaH6fig/N5QP++17NdWdAQB4ilwyE+ogWwQO9+DbD8MwrMKHrRJrKxM16HXXut2wbLAfdruu5sglAIDRkUtmQh1ki+euwXfQ63Z7g34VTGyV6CsGvW631wuH0yrDMsaVWTac+BDXDXrdbhgq0yODXndNiEmDXhiGQvtKJcLT4YYN2hVXdoXay4IEFQBYduSSmVAixKDXrZ0vyWNJlvVDIVgYK9FbGfS65VmeclbFuFJ5Pa9+0OvqESB/uR8WRcJevycmB1Ml9s6ID20rh32wHgAAwPJpl0vuG5d574vHtEtDhJHWfM1IEUuEcdlWidSKdurEvVI6GVS0ZBz/85WDXnc4zzOcCKmvxNquONeSby6uLItqp6sAAMuLXDITtr/0rTMASgZpdqFGy1yixSJHLskGvbA3yPph2G9aSW1nygwmtyvPk5iv9AUALBlyyUyMmkuq2ZIsK0foaeUSWwQxr+yH3V4v7PYGTSsZd75EwNQJACw7cslMjJhLhmdLSvl4PZVcYrrOw5lLsn6oT6u4KmnervH6EuUcEbkEAJYauWQmXLlEVV7EIeiHa13xOtOaVkbJJcJZGOHalibzH+5Kyi88qW9XvclIuR9HOEvEVa8AsOTIJQAAwBfkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfNEml9y+e9+4zHtfAADAYiOXAAAAX5BLAACAL8glAADAF+QSAADgC3IJAADwBblkFuK33t4X7ncv8Vtvz7ubAADMGblkFvaF+89fve1e9oX7591NAADmjFwyC47M8fpHF588e+EuY5dEnSBOi2dpHHSiRHzQWhoHHYXQkKFda1GpjNCpJBKfJ1G1tb3nYqmyDX1n1TWj91YrOd7RBAA0RS6ZBVvmOHhxe31j86fvfu4o45JEURRVw+qEc4krH5jbLV/Wx/o0DjpBEJWrkygIiq2SSBj40zgwJoU0DsR4kERFoKjNJS16q6y39QkAMGmtcsmd+8Zl3vviL2PmeLT3/OXfJ+sbmweOX7GVcUrjIIjTJNJnDqSht5xkyNcIr4nDrTI6u3KJvV3HxmkcdIR4kMZRFFlSlDEo6CuLzWpySbPexnEgJZcgjiNldocpEwCYAXLJLJSZ4x+XdsqVr35wcn1j82fvnVDKNJUOh9JqyDTlkmo8Lx4V20mnVlJxXM6cucTRbrWtcb4kSpKoaC6Kk3KrNA4cZ1OU3TD1x5FLmvZWOADqsXA3DwCYJHLJLOSZ440jW+sbm785dD7LsoMXt3/w682fvHEov7gkGz2XVKNnOeQacon4d74aTJKonBXQhmL9+hJ91JbalRgSTd6lNA6GzUWJdrbFdb2HY77CcClM1YXmvRXjmn4sSCUAMBvkklnIM8e1B09/3Dv40msfvnP6+st/SH70u7+e23mklGlMGV3lOGI+oVMOuPkQnUSdMhxow751vsTZrqxKGlFSlEnjKE6zJKrWGFsI4lTbvM18yQi9LZpQWqquYwEAzAC5ZBbKzHHk2r0f/vYv6xub6xubfzp1zVimEXn0TMpZjybzJfnauJy6UK+lyLLawdvSrrvDnSgpJmmGASDfSgtFpsmRVteXjNbbNA6COBE2US61BQBMH7lkFsTM8cFXt1567cNffHjqe3uZWsPzIaV8yG12fcnwsXg7iz76WgbvmnbdPS5TSHk6yXQ/ju1ijhb344za2/xQDNsmlADAPJBLZkHJHO+dvbn74jt3GSd1wB2O5Ykhl2j34xQViHfi6OOv6aKN8vIQa7vuLrvOMRm/mUQz2veXjN5b4bDoB4CMAgAzQC6ZhSaZg+97BQCAXDIL/P84AAA0QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHzRJpfcunPfuMx7XwAAwGIjlwAAAF+QSxYSX2yP+ar99atd5r0HADzVLpfcMy7z3pcVsi/cf/7qbffCRz+mZ8zfLn45AdiQSxaS42P99Y8uPnn2wl0GGBO5BMCUkEsWku1j/eDF7fWNzZ+++7mjDDA+cgmAKSGXLCTjx/qjvecv/z5Z39g8cPyKrUydJOoEcVo8S+OgEyXig9bSOOhIhGZ8YNnDJDL0ePyjMb5Br7umCPs15bUCxpXNTDuXDHrdbq+v9m/Q63Z7A9sGeVnzTmlrRz2Ak9QP8wb1fWn+EynqqLrtODjAQiGXLKTyY/0fl3bKla9+cHJ9Y/Nn751QyowgiaIoqhLDhHOJWIMcgObPsIdpHHSEdUlURBNfcok2zjqGpTEiiNF0c0kxxCpDrWvkrdlB4/Ea5QBOTNWwocsNf0xCMXELkgmWA7lkIeUf628c2Vrf2PzNofNZlh28uP2DX2/+5I1D+cUlWZuRI42DIE6TSJ8YkEbicg4hXyO8lsZBmTaU4KGO5cpWUo1SI+JW6srappWu5rsYRUG5pigQRJGaNfTkVDSXxkEnitSqTTuSxkEQx3pJqd2yFa23DvoAJq0p/5rO1whPB71uNwy7xWPrJvI6bbB0/XY1yG3uX85+KIy61UgrPBFmO9Tx2bhT3TCsyyXqCK/X3+31HMeoG4ZVX00HU9s5rQ/2n5rjYKn7O7NZH2BayCULKf9Yv/bg6Y97B1967cN3Tl9/+Q/Jj37313M7j5QyI8hjSZYlkTjYq7lEGvSDOK22G47LZWSQRnVlrKpihDD8V2UMXbD1y9G03lVlDkQJMNJY6pjQSeOgo9Vs3BFzSaVdUx9rk4nzz/1+OHxo+Nt80OvqY7lxEzkeKOOd9bdrGK7GySXi4CpnkeHDsrOmOGLaqXyIbzxfYqvf8LrchPq6eUakSlpCRVqvpJrt0yBKEwQTLAFyyUIqP9aPXLv3w9/+ZX1jc31j80+nrhnLNFQliTIAGHJJFQ70YJJEQRxHxZSCPKpr15eYBq6ycmMoMK10NW3pqrSyfKyFAfFF/UiJEzCGcsXG5pJKu1o+c7Vd0C+PMI92xThlnE6oHps2cY6Hxt+uJOp0OkGcjDdfIp+NKJ9ZTlI4dlDJN3XXl5j3Vavf1URehfFgCvU1yiXihpYfxHAXpJc4lYMlQC5ZSOLH+gdf3XrptQ9/8eGp7+1lGlCCgzysmk/oKAkgiTpRMiygjazOSQDh6lJxFNcukDWstDdt7Ko9Uqg91pKVeV+0SswHUDmG0iU85TEU1V18Iw6Twl/q5XN1vK3PJaYhuhq81cFuiudxlFF4ONKqA67QY0sukaOIGhBcB9BZv9KE4TST5WAqpQy7auu8O2xIlZBLsATIJQtJ+Vh/7+zN3RffucvUkIfhpJx6aDJfkq+N46Ccroi1P/itY1USiVdj6GXqpk7sTY83X1J3fYlpFsR1/qvBfMko19LKg654csY8l1+fS5zT/9oAOsVcog6tg143vyxGHM7tl5WMMF/iOIDOy1bq50scB9NxfcmI8yWGGsklWAbkkoXUJHOMlEvSfGQv5aNks+tLho/Fu1X00zS2sUoduYsrXMSajSc6GjRtub5Emt6wXl/S8H4cawRxTc+4ry9pdK+SOqRJA6vh0oSa8dW0iXI6Yma5xDS1EYahNCcg7YJ1QmiU60uEA+iu39WEdkGIIVFU17G478dxVWI/GcT1JVgC5JKFNOn/H0eNJcOxMTENusbbRpTbYfRhyT5WCSdnqptiDGd2LCudTZvux9FuC7Lcj6M2af7+EuN9RWVt1jM+Rb1RHBvux2lwB7X5T23xckzlJEJ+Ska+B8d8P448L2G5JWRG9+NU/VSnUIrOFjfaWM+AyMWkKqwH0FW/um1xkMJez3A/jnHywv79JeWPSarEkDSEy2OUU3jEEiw8cgkwPz58FUorU80lC3k2wjD7MYcuLNxhA3TkEmDGxEuMvfpyuRFMN5cszBAr3tUz7/4uyCEDarXKJd/cMy7z3hcAM8L/jwNgSsglAEZGLgEwJeQSACMjlwCYEnIJgJGRSwBMCbkEwMhqb1OvXea9BwA8RS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOCLNrnk5jf3jMu89wUAACw2cgkAAPAFuWQW4rferv06h/itt+fdTQAA5oxcMgv7wv3pjR33wjdNAQBALpmFJpmDXAIAALlkFqaWS5KoE8Rp8SyNg06UiA9aS+OgoxAaMrRrLar2tzTsoKGlanuxvLVSAMDyIJfMwrRySRJFUVSN1xPOJfYabO2WLxtDRBJ1qmJpHMiFtBbTOBDKZ0lENAGA5UcumYXp5JI0DoI4TaqAYM4l5ZxDvkZ4TcwGSpZw5RJ7u66NTbnD1aIebsZPWwAA35FLZmEquaQY15NIzBlqLqmG9+JRmQfyMyhlWnHPXjRqt9pWm9moDRVKAcucCwBguZFLZmEauaRKEmVAMOSSKjzowSSJgjjOX1djieGqj+J1S7sSQwDRWjAUUHIJcyMAsHrIJbMwhVyiZAE5jphP6JTRIB/zk6gTJcMCWgqwTm8425VVF61GiVSmqsN00a7SWQDAKiGXzMLkc4k8bCflrEeT+ZJ8bRwH5UxJrE1O2HKJu92aHiuFLDcTGV919QkAsDzIJbMw8VyS5qGilAeEZteXDB8XkxXiVSZSA5azMa523ZQ7apSn3I8DACCXzMakc4kaD4ahI2lyP05RgXgnjvnuGVWU1LXbpOO2q1CM4YbvLwGAFUMumQX+fxwAAJoglwAAAF+0yyV3jcu89wUAACw2cgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBetcsnOXeMy730BAACLjVwCYGR//+dHYy7z3gMAniKXLKTL128ePX3WvVy+fnPe3cTS+vs/P7oyBnIJAJs2ueTGzl3jMu99WSFHTp65//iJezly8sy8u4mlRS4BMCXkkoX06YnTtbnk0xOn591NLC1yCYApIZcspE++OFWbSz754tS8u4mlRS4BMCXkkoX08ecna3PJx5+fHL3iJOoEcVo8S+OgEyXig9bSOOhIhGZ8YNnDJDL0ePyjMb5Br7umCPs15bUCxpXNTDuXDHrdbq+v9m/Q63Z7A/cOmndKWzvqAZykfpg3qO9L859IUUfVbcfBARYKuWQhfXTseG0u+ejY8ZHrTaIoiqrEMOFcItYgB6D5M+xhGgcdYV0SFdHEl1yijbOOYWmMCGJkySWf9Q8cOHDgwIF3D50dJ5cUQ6wy1LpG3podNB6vUQ7gxFQNG7rc8MckFBO3IJlgOZBLFtLho5/X5pLDRz8fsdY0DoI4TSJ9YkAaics5hHyN8FoaB2XaUIKHOpYrW0k1So2IW6kra5tWuprvYhQF5ZqiQBBFatbQk1PRXBoHnShSqzbtSBoHQRzrJaV2y1a03jroA5i0pvxrOl8jPB30ut0w7BaPrZvI67TB0pRLzh5690D/sztPs+zOF+8f+MeZW21zST8URt1qpBWeCLMd6vhs3KluGNblEnWE1+vv9nqOY9QNw6qvpoOp7ZzWB/tPzXGw1P2d2awPMC3kkoX0z0+P1eaSf356bLRK81iSZUkkDvZqLpEG/SBOq+2G43IZGaRRXcklVYwQhv+qjKELtn45mta7qsyBKAFGigOOCZ00DjpazcYdMZdU2jX1sTaZOP/c74fDh4a/zQe9rj6WGzeR44Ey3plyyWf9A3898zx7eufKlbOH/s+Bf1x6eqdVLhEHVzmLDB+WnTXFEdNO5UN84/kSW/2G1+Um1NfNMyJV0hIq0nol1WyfBlGaIJhgCZBLFtKhT47W5pJDnxwdqc4qSZQBwJBLqnCgB5MkCuI4KqYU5FFdu77ENPKWlRtDgWmlq2lLV6WV5WMtDIgv6kdKnIAxlCs2NpdU2tXymavtgn55hHm0K8Yp43RC9di0iXM8NOSSs4fefffjm1keRj7rH/jzsTvWYOLKJfLZiPKZ5SSFYweVfFN3fYl5X7X6XU3kVRgPplBfo1wibmj5QQx3QXqJUzlYAuSShfRfH39am0v+6+NPR6lSCQ7ysGo+oaMkgCTqRMmwgDayOicBhKtLxVFcu0DWsNLetLGr9kih9lhLVuZ90SoxH0DlGEqX8JTHcJTLgsVhUvhLvXyujrf1ucQ0RFeDtzrYGXLJZ/0D/+fT7ecPbxW55Oid4ZPRcokyCg9HWnXAFXpsySVyFFEDgusAOutXmjCcZrIcXpIAmAAAIABJREFUTKWUYVdtnXeHDakScgmWALlkIf39o09qc8nfP/pkhBrlYTgppx6azJfka+M4KKcrYu0PfmsuSSLxagy9TN3Uib3p8eZL6q4vMc2CuM5/NZgvGeVaWnnQFU/OmOfy63OJc/pfG0DN8yVVFBkjl6hD66DXzS+LEYdz+2UlI8yXOA6g87KV+vkSx8F0XF8y4nyJoUZyCZYBuWQhJYc/rs0lyeGPm1eY5iN71UDUiZKG15cMH4t3q+inaWy5RB25iytcxJqNJzoaNG25vkSa3rBeX9LwfhxrBHFNz7ivL2l0r5I6pEkDq+HShJrx1bSJcjqiNpdc+ax/4OCFPIqcPfTugf97PmuVS0xTG2EYSnMC0i5YJ4RGub5EOIDu+l1NaBeEGBJFdR2L+34cVyX2k0FcX4IlQC5ZSOcupAf/+ZF7OXeh+W24aiwZjo1Jk/txigrEGQw9gtjP4wgnZ6qbYgxndiwrnU2b7sfRbguy3I+jNmn+/hLjfUVlbdYzPkW9URwb7sdpcAe1+U9t8XJM5SRCfkpGvgfHfD+OPC9huSXEdj/O//fFzTv5o+IS2NFzifGcizqFUnS2uNHGegZELtbsALrqtx23sNcz3I9jnLywf39J+WOSKjEkDeHyGOUUHrEEC49cAsyPD1+F0orl+0uOHyy+v+TCQ0csafr9JYvEMPsxhy4s3GEDdOQSYMbES4y9+nK5Edi/7/XO07yE9RxOg1yyMEOseFfPvPu7IIcMqEUuATAy/n8cAFNCLgEwMnIJgCkhlwAYGbkEwJSQSwCM7O///GjMZd57AMBT5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkklmI33p7X7jfvcRvvT3vbgIAMGfkklnYF+5Pb+y4l33h/nl3EwCAOWuTS67v3DEu894XfzXJHK1ySRJ1gjgtnqVx0IkS8UFraRx0FEJDhnatRW3VdYI4tfYziapy4+0IAGChkEtmYVq5JImiKKpCwIRzib0GW7vly3oyMZY0t5JEQhhJ48BWGQBg+ZBLZmE6uSSNgyBOkyogmHNJOfeQrxFeE8d8JUu4com93dqNm+SS5ikHALB0WuWS7TvGZd774q+p5JI8HmRZEok5Q80l1ahePCq2G55cKdOKNPg7comj3WrbceZL0jgwnAoCAKwCcsksTCOXVEmiDAiGXFKFBz2YJFEQx/nraiwxXBBSvG5pV2I9A9QolxSdtV2sAgBYXuSSWZhCLlGygBxHzCd0ykSRB4ok6kTJsIAYX8rqjYnB2a6sihbS1SLNcolUhmgCAKuCXDILk88l8gRHUs56NJkvydfGcVDOlMRqLLEmBne7Tbpdm0u0jKStAAAsLXLJLEw8l6R5qCjlQ3ez60uGj4sTJOJVJlIDpjBQ026Tfo94Pw7XvQLASiGXzMKkc4kaD4aDd9LkfpyiAvFOHPNNMaooqWu3ScfVbhivTBG/v4RQAgArhFwyC1P7XjUAAJYKuWQW+P9xAABoglwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAsJye7O5eunLtyInTfzv8r78d/teRE6cvXbn2ZHd33v1yIZcspMvXbx49fda9XL5+c97dBADMzd37Dz479eXxM+dubO+8ePHi2fPnN7Z3jp8599mpL+/efzDv3lmRSxbSkZNn7j9+4l6OnDwz724CAObjye7uZ6e+HGxdzrLs+fPnr7/+P1955b/dvXs3y7LB1uXPTn3p7awJuWQhfXridG0u+fTE6dErTqJOEKfFszQOOlEiPhiXXL/RpBptXc/k91qqutOpPQQNa2rRt0nskuH4FPsVRS0P9TjdGGfbyf+I27U+jwM4G3oPR+vz9D8xRtpqIr85w592xbWHY7R46cq142fOlU8vf/310aNHd3f38qfHz5y7dOVaqx2YOnLJQvrki1O1ueSTL06NXG8SRVFUvUkm/vGt1G808Vwysw3nWPMsezDuSDOh7ixBLnGsaV2Vb8bs4Sw/MZqYSBNqJc7sNUaLR06cvrG9k2XZs2fPrl+/fvjw4Z2dnfLVG9s7R9r87ToL5JKF9PHnJ2tzycefnxyx1jQOgjhNqo8B8xs+iYYpv/pTb/haGgflG8zwXrPXXz0WKk/joBNFcmOmDgwrjqW1aj1a54tOCH+7NNvQ0ahC2URr2lJzeeSK9pOoE8XDbordLn40QRQFeivKB1/H/ve43jHjzuatlMrjI2yetD3Utp6X69ReN9i2pLY78V9sjw+g2rqlpPWXecRj4jjU0o+j/NV1v4Om+olRHBDhbSb+cGoO+DgfDuoxEZ+bqnL9rgZxmiWRcLSFX86/Hf7X7t5elmU7OzsHDhz47//2b//73Xe/++67/NXdvb2/Hf6XftB90CaXXNu+Y1zmvS8r5KNjx2tzyUfHjo9WafE7Lf2Wa2+J6mO5eFS+F/J3cfmONscSY/3GttI46KhtZcpnoPDxoZa0zJbLuyHUa+6Ada9t3StZNlE/o0wv5keoPE5JVI5NSdQxHSXx40pvSuqJ+ilp2EnbEbb+Vox/qF3HQf1NsXfcFhpa/oib/WL7fADFPjp/SRq/15zHpKaH6gGrewdN/BNDefNafrfKXZzah4PSopDwXB8ajt+NMrkl0txSmUu+//77g0my75VXDh06VL5KLsGEHT76eW0uOXz085HqrD5wy48Bw1ui+ojQP7+TKIjj/HVHLDHVb2zL+Kr0Li8qaliPKRYItNpq99rQPa022ybKS/Im+Ye+8Lkq/yGW2nbKWJvYE60HDbs06hEe9VBbe95kftt0qBu2O/4vttcH0NjJxt2zlWzwZjfXbNt9y/5O7hNjhDevcWcm/OGQv7212Zmaqly/G8M8IseS6jzO48eP/9d//mf47/9+4cKF8tVlO49DLpm7f356rDaX/PPTY6NUqbxXmnxcin9YRMO/74cFtE9Gd/21bUmfAiL7p4DxgeUjp81e13/0ODfRGy93J5P+hFLG2qQcC8y5xHlw9CHLcEzGO8LtDrXrOMhr9CNs/p1s1u74v9ieH0ClxZG6Z66z5pjYe+j8wRneGhP6xBjpzasd9ul/ONjWa1W5fjdS9YRXlmXCda9Xr175H6+++stf/vLUqeqiw2W77pVcMneHPjlam0sOfXJ0hBrl33X74Gf+2zTJr4Ao/3iKTbHEUX/W+FPGkHhG/9CvCFMRrvJTnS8xfEIlUSeKylfEXGL/tLLW1mK+ZOwjPOqhthwHaWvrZLh7vmSMH3HDX2z/D2DtL0nz95rrmLh7qLVVO3hP/hPD/eZVBvypfTjYckn7+ZIsjQP9AmHxPuH333//nXfe2drayl9awvuEySVz918ff1qbS/7r40+bV5jmnzOl/A1ieicYzoBmwz8r9BPPNfULVaRxYP2LpLYDTT+thHL5Q3VD65DftFF5F12buIsFcVp9SibVVSF6VXKdxp+OtNJxfUnxsP0Rbn2ojY0qv2D2k/Tm30n9RzPqjzir/8X2+gAaD8Iov8yjHZO6Hqqdcb6DZv+JoaSSsX5zWuYSZ1WO3w2xhzLxe9V29/Z29/aW9nvVyCVz9/ePPqnNJX//6JPG9akfAsO3RWJ6w1dTm8Im4rtC+DOjpv50+LnW6XSEP7uKzzrre7vsgDjbb/zrR6tH27bsgHCvintDU5fMHzTOTQzFtI+0pLrgsbiXQ9tltU7t4Ih7OfL9OKYjrB8fc2dGOdSWnquz6BLjtoaPe0O7NR1u/ovt+wEUGnT+kjR/rzmPietQ651xvYOm9InhePMqJ606QZxO68PBnktcVdX8XPQjNrQq30NPLpm75PDHtbkkOfzxvLuJidD//gUAgTWWLCRyyUI6dyE9+M+P3Mu5Cwxly4FcAsAqjQPDJNkiI5cAAABfkEsAAIAvWuWS23eMy7z3BQAALDZyCQAA8AW5BAAA+KJdLvnGuMx7XwAAwGIjlwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5ZBbit97eF+53L/Fbb8+7mwAAzBm5ZBb2hfvTGzvuZV+4f97dBABgzsgls9Akc7TKJfL/NJvGQSdKxAetpXHQkQyb0dbL/4+l3h9rUW1Hako067N7r4cdGqGR8Y/k+Mb5sfrQfwAYBblkFqaVS5IoiqJqlJ1wLhFrKAKHu2Zbf5RK7I2N1fHajRd0XB+nDz70HwBGQS6ZhenkkjQOgjhNqiBgziXFVIQ+9KdxUAYFJTOo41nx3DXO2fsjVhLHgZRcgjhNorKYuX5lF4bbxcraYtuqulRsq6wkX2WsM4oCYU3NkZRXBlFUNiZMFAlFpQ5YOmnqaqMfq/GYJOZnJBUAHiOXzMJUckkxnkkjnDaAVXlDmPLI1+SjZ5lWpMFRyQdlgnHkEkd/pEqEpvKHanowjNLKLuRdN60cDsDlS7adstWp7ptpE3G3pHqqxCMGFC0O5q/bOqmXdP5Y5Rbsx8T+YwEAr5BLZmEauaQazcsRxzCACVMRWjBJoiCOo2IaRB8cJcKYZr5mxNIfQyViMBpOHbhyiWUX9CkWca/LHTSP+HV1mjcpays3F+sxzHtUBQyV13ZSW+PuTO0xGeviHQCYEXLJLEwhlyhjvjwImWf+y4EzH8mSqBMlwwLi+FpWb/qb2vq3trM/etkgTsv+uOdLjLtQMwZrZ5SsJS11GlqvzoJIZ1jUc1LVbqiHQk0F9k7Wd9vSGdcxEX9EBBQA/mqTS67e/sa4zHtf/DX5XCKPXkk569FkviRfG8dBOVMSq7Fk5Fzi7o+xdKJPsFjmFUaeL8nSOJCuwFUrbzdfYrzwxRj7XGfWxLqdndTWuDtTm0vEXpNMAPiKXDILE88laR4qSvk41ez6kuHjjnhZheu6iibra/pjrEY6BWS4dEOszH7ZhGNuQBt7668vcQ32xiNpuL7E3A05NFUd1gOCVrLhj9V9TJSfPrkEgK/IJbMw6VyixoDhUJM0u3Ejk0dE4c97qQVrLlFFSV1/zPUoX3ziOMNguvekZm5A71LdYanLJdodPfJK4UYj4YRJFEnXyCqbmzqplzTvoFab8ZgIsVM9tQQAXiKXzMLUvlcNFrYRf6otjjrez76TAOA9csks8P/jzFIq3DA7i6ZaXUw6w04CwCIhlwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfEEuAQAAviCXAAAAX5BLAACAL8glAADAF61yya1vjMu89wUAACw2cgkAAPDFiuYS/oNfAAA8tKK5ZF+4//zV2+5lX7h/3t0EAGC1rG4usb30+kcXnzx74S5jl0SdIE6LZ2kcdKJEfNBaGgcdhdCQoV1r0QZl5NqGa0r5jhg6ZGoGAIARkEskBy9ur29s/vTdzx1lXJIoiqJqdJ5wLrHXYGu3fFmPDI4KldqyJOpURdM4kCobf9cAACiQSyqP9p6//PtkfWPzwPErtjJOaRwEcZpUQ7o5l5RzD9XEw/A1ccxXsoRr+Le369jYWmFtbZY5IQAAxrbqueQfl3bKla9+cHJ9Y/Nn751QyjSVD+hZlkRizlBzSTWqF4+K7YanRsq0Ik1xOIZ/R7vVto3nS/Ta8n7ZztGQSwAAk7PSueSNI1vrG5u/OXQ+y7KDF7d/8OvNn7xxKL+4JBs9l1RJohzSDblEGO61YJJEQRznr6uxxHA5R/G6pV2JITgoZYQMotZWdtZ4FQm5BAAwOe1yyY5xmfe+jCDPHNcePP1x7+BLr334zunrL/8h+dHv/npu55FSpjHTOK/nEmkULzNAHgGSqBMlwwJKKHCfdrG3K6uiRZRYyljSilqE8zgAgKlYyFyytvZz29KwhjJzHLl274e//cv6xub6xuafTl0zlmlEnuBIylmPJvMl+do4DsqZkliNJbWnXcztujuslzHWpmUkaQW5BAAwOW1yyZVbO8Zllv0eJ5Rkcub44KtbL7324S8+PPW9vUytNA8VpXzobnZ9yfBxcYJEvMpEasByNsbVrrvHpkYMtcn343DdKwBgehY1l2RaNBlpWyVzvHf25u6L79xlnNQBfTh4J03uxykqEO/EMc5kaF8XEiV17bq7bJiTMdWWin3m+hIAwBQtcC7JhGgy6oZNMgff9woAwIwtdi7JsqxFKMn4/3EAAPDSwucSAACwNMglAADAF+QSAADgC3IJAADwBbkEAAD4glwCAAB8QS4BAAC+IJcAAABfkEsAAIAvyCUAAMAX5BIAAOALcgkAAPAFuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8EWrXHJzx7jMe18AAMBiI5cAAABftMklX9/cMS7z3hcAALDYyCUAAMAX5BIAAOALcgkAAPAFuWQmBr3umqLbG5Qv90PxqVZYLNqgjFzbcE0p7Fs6JG006HWHJacgb1yovh/Kzw3lw377Xk11ZwAAk0QumQn3yNgPwzCsUoFaWM8ZzgqV2rJ+KIz5g163Uf6Yei7pdsOyG/2w23U1Ry4BgJVBLpkJ18g46HW7vUG/ihJqYdPG1gpra9PnZpy5ZNDrdnu9UJpsMa8cVi6vG/S63TBUpkcGve6akJ0GvTAMhW4olQhPhxs2aFdc2RVqr2aOCCoA4CNyyUw4ckkeJLKsHwqjvjqKN54v0WvLz5oYTgXV1VNNURRbl5HGuFJ5XThfZA5V/bAoEvb6PTE5mCqxd0Z8aFs57IP1GAMAPEEumQn9co5qsqBbDZ+Waz8MA6hSRpyeUGrLVfMEckJplEvEhGNfKc3EFM0b689XDnrdsJ9lg153OBFSX4m1XXGuJd9cXFkWNZ0RAwD4hFwyE67TLlq+sBSWTkGYy1jSilpkxPM4I+QSLXk5ckk26IW9QdYPpd1xVlLbmTKYye3K8ySmfAYA8AO5ZCbqTrvkhsNnk3MMtvFer02ZOFFWTDiX2CKIeWU/7PZ6Ybc3aFrJuPMl8lEgmQCAf8glM2EZ/oenMkr5YNo2l5hrk+/HaXPda9NcYrrOw5lLsn6oT6u4KmnervH6EuUcEbkEAPzTLpdsG5d574vHTF8XUl5hIeiHa13xIlBnhUoZS23DyQPtwhZrPfL6UXKJ0JBw+UyT+Q93JcPDJ16GYttEbKs46ML9OMKB4KpXAPARuQQAAPiCXAIAAHxBLgEAAL4glwAAAF+QSwAAgC/IJQAAwBfkEgAA4AtyCQAA8AW5BAAA+IJcAgAAfEEuAQAAviCXzEL81tv7wv3uJX7r7Xl3EwCAOSOXzMK+cP/5q7fdy75w/7y7CQDAnJFLZsGROV7/6OKTZy/cZeySqBPEafEsjYNOlIgPWkvjoKMQGjK0ay0qlRE6lUTi8ySqtrb3XCxVtqHvrLpm9N5qJcc7mgCApsgls2DLHAcvbq9vbP703c8dZVySKIqialidcC5x5QNzu+XL+lifxkEnCKJydRIFQbFVEgkDfxoHxqSQxoEYD5KoCBS1uaRFb5X1tj4BACatTS65fHPbuMx7X/xlzByP9p6//PtkfWPzwPErtjJOaRwEcZpE+syBNPSWkwz5GuE1cbhVRmdXLrG369g4jYOOEA/SOIoiS4oyBgV9ZbFZTS5p1ts4DqTkEsRxpMzuMGUCADNALpmFMnP849JOufLVD06ub2z+7L0TSpmm0uFQWg2ZplxSjefFo2I76dRKKo7LmTOXONqttjXOl0RJEhXNRXFSbpXGgeNsirIbpv44cknT3goHQD0W7uYBAJNELpmFPHO8cWRrfWPzN4fOZ1l28OL2D369+ZM3DuUXl2Sj55Jq9CyHXEMuEf/OV4NJEpWzAtpQrF9foo/aUrsSQ6LJu5TGwbC5KNHOtriu93DMVxguham60Ly3YlzTjwWpBABmo1UuubFtXOa9L/7KM8e1B09/3Dv40msfvnP6+st/SH70u7+e23mklGlMGV3lOGI+oVMOuPkQnUSdMhxow751vsTZrqxKGlFSlEnjKE6zJKrWGFsI4lTbvM18yQi9LZpQWqquYwEAzAC5ZBbKzHHk2r0f/vYv6xub6xubfzp1zVimEXn0TMpZjybzJfnauJy6UK+lyLLawdvSrrvDnSgpJmmGASDfSgtFpsmRVteXjNbbNA7+//buprltJL/j+JRTc0pV3kEOy3OOfBs47SXXFC/ZvePsTMozlxSTy1Ylxhyi9UxqdzO1NZuxld3agTN22V7bGvlBD9YDJVi0nmVKNk1J1pM9zAEk0OgngKJIgtT3UzyQINjdgFz6/9Ro0I7nCx+RltoCAHqPXNIPYub4bmH7089u/eLW9E/mfVK1rodEwpKbbX1J67l4O4tafQ3FO6Vf+4ijFBJdTtLdj2NazHGO+3E6HW14Klp9E0oAYBDIJf0gZY5v57aOP3y072MlF9xWLfc1uUS5H6fdgHgnjlp/dYs2ouUhxn7tQ7ZdY9J+M4mis+8v6Xy0wmlRTwAZBQD6gFzSD1kyB9/3CgAAuaQf+P9xAADIglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCAADyglwCoGOp/69C6mPQRwAgp8glQ4n/cAeD1WWwIJcAMCGXDKWfl365uLZjf/CrH71DLgHQI+SSoWT5tf4v95ffn36w7wN0iVwCoEfIJUPJ9Gv9++XXV67e/Ptvnlj2sfLdguMF7VeB5xRcX3xyboHnFBKEbvLAcIS+qxlx92eje5Vy8RNJaTxlf2UH7cZsep1LKuVisTwuj69SLhbLFdMHwn31B6Vs7fQEXqTxUtiheizZfyLtNuJhW04OMFTOl0t2tI9BH8slov21vn9y9rN/9a9cvTn2bNW0TwrfdV03TgwXnEvEFpIBaPA0Rxh4TkHY5rvtaJKXXKLUWUtZ6iKCaPU2l7RLrFRqbZU35QC156uTE3hh4o41Q874YxJ2Ez9BMsFoIJcMpejX+v+9rEUb//G7qStXb/7Dt8+lfTILPMfxAt9VJwYSlTiaQwi3CO8FnhOlDSl4yLVc+lSixUQn4qfkjaldS0MND9F1nWhLewfHdeWsoSandneB5xRcV25adyCB5ziep+6Z6DfqRRmthVrAEluiv6bDLcLLSrlYLJWK7efGjyS3KcXS9q8rQ26z/+McLwlVN660wgthtkOuz9qDKpZKablErvBq+8Vy2XKOiqVSPFbdyVQOThmD+admOVny8fZt1gfoFXLJUAp/rf/q8cqVqzf/+c5is9n8fvn1X/3Tzb/71Z1wcUnzHLkkjCXNpu+KxV7OJYmi73hB/LlWXY4iQ6KqS7UqjhFC+Y/30QzBNC5L1+pQpTkQKcAkaqllQifwnILSsvZA9HtK/erGmJpMrH/uj5daTzV/m1fKRbWWaz+SjAdSvTP+62qFq25yiVhck1mk9TQarC6O6A4qLPGZ50tM7WveT3Yhv6+fEYmTltCQMqpEy+ZpEKkLgglGwHlyycrmjvYx6GO5RMJf6+vvjv62/P2nn9363czGz/7N/5vP/zhf25f2yS5OElEA0OSSOByowcR3Hc9z21MKyaqurC/RFa6ocW0o0G20dW0YamJj9FwJA+Kb6pkSJ2A0+7U/rN9T6lfJZ7a+29TlEfpq165T2umE+LnuI9Z6qP3X5buFQsHx/O7mS5JXI6JXhosUlgOU8k3a+hL9sSrt27oIm9CeTKG9TLlE/KDhB9E6hMRbXMrBCCCXDKXo1/rj9bd/fe1/r1y9eeXqzf+aXtfuk40UHJJlVX9BR0oAvltw/dYOSmW1TgIIq0vFKq4skNVsNHetHao5UsgjVpKV/liURvQnUDqHiSU80TkUpS2+Ecuk8Jd69Fqut+m5RFei4+ItF7seXseRqnCr0soFVxixIZcko4gcEGwn0Nq+1IXmMpPhZEp7aQ7VNHh72Eg0Qi7BCCCXDCXx1/p3C9uffnbrF7emfzLvky5Zhv1o6iHLfEm41fOcaLrCU/7gN9Yq3xVXY6j7pE2dmLvubr4kbX2JbhbEdv0rw3xJJ2tpk0VXvDijn8tPzyXW6X+lgPYwl8iltVIuhstixHJuXlbSwXyJ5QRal62kz5dYTqZlfUmH8yWaFsklGAXkkqEk/Vr/dm7r+MNH+z52QVjZI2GVzLa+pPVcvFtFvUxjqlVy5W6vcBFb1l7oyNC1YX1JYnrDuL4k4/04xghim56xry/JdK+SXNIShVWzNCGlvuo+Il2O6Fsu0U1tlEqlxJxA4hCME0KdrC8RTqC9fVsXyoIQTaKI17HY78exNWK+GMT6EowAcslQypI5Osklcixp1UZfV3S1t41It8OoZclcq4SLM/FNMZorO4aN1q519+MotwUZ7seRu9R/f4n2vqKoNeMVn3a7rudp7sfJcAe1/k9tcTmmdBEhvCSTvAdHfz9Ocl7CcEtIn+7HiccpT6G0B9u+0cZ4BSS5W6IJ4wm0tS9/tn2SSuWy5n4c7eSF+ftLoh9TohFN0hCWx0iX8IglGHrkkqHE/48zIvLwVSjn0tNcMpRXIzSzHwMYwtCdNkBFLgH6TFxinKsvl+tAb3PJ0JRY8a6eQY93SE4ZkIpcAqBj/P84AHqEXAKgY+QSAD1CLgHQMXIJgB45Vy7Z2NE+Bn0sAPqEXAKgR8glADqWejtY6mPQRwAgp8glAAAgL8glAAAgL8glAAAgL8glAAAgL8glAAAgL8glAAAgL8glAAAgL8glAAAgL8gl/eB99ZvUr5nyvvrNoIcJAMCAkUv64eelXwabNfuDb8AEAIBc0g9ZMse5convFhwvaL8KPKfg+uKTcws8pyAROtL0a9xVHm+kNUBNT/Hnxf2NjQIARge5pB96lUt813XduF5fcC4xt2DqN3pbGyJ8txDvFnhOcielx8BzhP2bvks0AYDRRy44uinpAAAKx0lEQVTph97kksBzHC/w44CgzyXRnEO4RXhPzAZSlrDlEnO/tg/rcoetRzXcdJ+2AAB5Ry7ph57kknZd910xZ8i5JC7v7WdRHgivoERpxT57kanf+LPKzEZqqJB2MMy5AABGG7mkH3qRS+IkEQUETS6Jw4MaTHzX8bzwfTmWaFZ9tN839JugCSBKD5odpFzC3AgAXD7nySUvN3a0j0EfS371IJdIWSAZR/QXdKJoENZ83y24fmsHJQUYpzes/SbFi1ZdP7FP3IZu0a40WADAZUIu6YeLzyXJsu1Hsx5Z5kvCrZ7nRDMlnjI5Ycol9n5TRiztZLiZSPuubUwAgNFBLumHC88lQRgqImFAyLa+pPW8PVkhrjJJdGC4GmPr1066o0Z6yf04AABySX9cdC6R40ErdPhZ7sdpNyDeiaO/e0bm+mn9Zhm4aRWKNtzw/SUAcMmQS/qhZ9+rBgDASCGX9AP/Pw4AAFmQSwAAQF6QSwAAQF6QSwAAQF6cL5dsax+DPhYAADDcyCUAACAvyCUAACAvyCUAACAvyCUAACAvyCUAACAvyCUAACAvyCUAOnb77v0uH4M+AgA5da5csr6tfQz6WC6R6sbWxMyc/VHd2Br0MDGybt+9v9oFcgkAE3LJUHo89aJ+8N7+eDz1YtDDxMgilwDoEXLJUHr0fMYURx48f7G1W68fvH/0fGbQw8TIIpcA6BFyyVB6+HRaG0oqqxtffPn1l7+/WT94//DpdOcN+27B8YL2q8BzCq4vPjm3wHMKCUI3eWA4Qt/VjLj7s9G9Srn4iaQ0nrK/soN2Yza9ziWVcrFYHpfHVykXi+WK/QD1B6Vs7fQEXqTxUtiheizZfyLtNuJhW04OMFTIJUPpwZMpNZTsNQ7//Xf/c+36jT89+LF+8P7Bk6mO2/Vd13XjxHDBuURsIRmABk9zhIHnFIRtvtuOJnnJJUqdtZSlLiKIVm9zSbvESqXWVnlTDlB7vjo5gRcm7lgz5Iw/JmE38RMkE4wGcslQuj/5LMwi89W1KJf8+S+T167f+M9v//hm/7B+8P7+5LMOWw08x/EC31UnBhKVOJpDCLcI7wWeE6UNKXjItVz6VKLFRCfip+SNqV1LQw0P0XWdaEt7B8d15ayhJqd2d4HnFFxXblp3IIHnOJ6n7pnoN+pFGa2FWsASW6K/psMtwstKuVgslYrt58aPJLcpxdKWS+bufDM2/mMXuWS8JFTduNIKL4TZDrk+aw+qWCql5RK5wqvtF8tlyzkqlkrxWHUnUzk4ZQzmn5rlZMnH27dZH6BXyCVD6d7Ek/rB+4fT89eu37j9+Fn94P3y6tYXX35d/vVvN2tvw5hyb+JJZ42GsaTZ9F2x2Mu5JFH0HS+IP9eqy1FkSFR1KZfEMUIo//E+miGYxmXpWh2qNAciBZhEHLBM6ASeU1Ba1h6Ifk+pX90YU5OJ9c/98VLrqeZv80q5qNZy7UeS8UCqd8Zc8uP42NjY2Nj3S82jvXPmErG4JrNI62k0WF0c0R1UWOIzz5eY2te8n+xCfl8/IxInLaEhZVSJls3TIFIXBBOMAHLJULr7aLJ+8L669br8699+7n01Obf0H//93efeV7PL1Wj65O6jyY7ajJNEFAA0uSQOB2ow8V3H89z2lEKyqivrS3SVN2pcGwp0G21dG4aa2Bg9V8KA+KZ6psQJGM1+7Q/r95T6VfKZre82dXmEvtq165R2OiF+rvuItR5qc8mP42NjY9/cmZ74w9gPL8+dS5JXI6JXhosUlgOU8k3a+hL9sSrt27oIm9CeTKG9TLlE/KDhB9E6hMRbXMrBCCCXDKU7Dyei6zhffPn1tes3rl2/8ee/TIrLTe48nOikSSk4JMuq/oKOlAB8t+D6rR2UymqdBBBWl4pVXFkgq9lo7lo7VHOkkEesJCv9sSiN6E+gdA4TS3iic9jJsmCxTAp/qUev5Xqbnkt0JTou3nKxM82X7B01m3uTv+9mvkSqwq1KKxdcYcSGXJKMInJAsJ1Aa/tSF5rLTIaTKe2lOVTT4O1hI9EIuQQjgFwylH548CjKHxMzi9eu3xj7w5/CZSXR44cHjzpoMVmG/WjqIct8SbjV85xousJT/uA35hLfFVdjqPukTZ2Yu+5uviRtfYluFsR2/SvDfEkna2mTRVe8OKOfy0/PJdbpf6WApq0v6SKXyKW1Ui6Gy2LEcm5eVtLBfInlBFqXraTPl1hOpmV9SYfzJZoWySUYBefJJcH6tvYx6GO5RG7ffyhGkHtPZ8PvLBEft+8/zN5gEFb2SFgls60vaT0X71ZRL9OYcolcudsrXMSWtRc6MnRtWF+SmN4wri/JeD+OMYLYpmfs60sy3askl7REYdUsTUipr7qPSJcj+pZLdFMbpVIpMSeQOATjhFAn60uEE2hv39aFsiBEkyjidSz2+3FsjZgvBrG+BCOAXDKU/HsPUr/v1b/3IHN7cixp1UY/y/047QbEGQw1gpiv4wgXZ+KbYjRXdgwbrV3r7sdRbgsy3I8jd6n//hLtfUVRa8YrPu12Xc/T3I+T4Q5q/Z/a4nJM6SJCeEkmeQ+O/n6c5LyE4ZaQXuYS7TUXeQqlPdj2jTbGKyDJ3bKdQFv7pvNWKpc19+NoJy/M318S/ZgSjWiShrA8RrqERyzB0COXDKX5peD7u/ftj/mlHH09CPTy8FUo59LTXDKUVyM0sx8DGMLQnTZANTEx0VkumZiYIJcAXRCXGOfqy+U60NtcMjQlVryrZ9DjHZJTBqQilwDoWMr3vW43zrrLJQAurc5yyfT09OTkJLkEuOT4f/sA9Mjk5OT09HSmXFKpVGZnZ58+fUouAS45cgmAHnn69Ons7GylUknJJaurq8vLy3Nzc1NTU+QS4JIjlwDokampqbm5ueXl5dXVVX0uqdfrr1+/Xl9fD4JgcXFxdnaWXAJccrfv3u/yMegjAJBTs7Ozi4uLQRCsr6+/fv1aziXHx8fv3r2r1WobGxvVanV5eXl+fp5cAgAAemF+fn55eblarW5sbNRqtXfv3h0fH8e55OTkpNFo7O7ubm9vr62traysLC0tkUsAAEAvLC0traysrK2tbW9v7+7uNhqNk5OTOJecnp4eHBy8ffu2Vqttbm6urq6G0WRhYeHFixczMzNTU1NTU1PPnz9/BgAAkNnz58/DFDEzM/PixYuFhYUwlKyurm5ubtZqtbdv3x4cHJyenrZySbPZPDs7Ozo6ajQae3t7Ozs7Gxsba2tr1Wo1CIKlpaXFxcWFhYU5AACAc1lYWFhcXFxaWgqCoFqtrq2tbWxs7Ozs7O3tNRqNo6Ojs7OzZrPZyiUfP348OTk5PDys1+thNNna2lpfX3/16lW1Wl1ZWXn58mUAAABwLi9fvlxZWalWq69evVpfX9/a2trZ2dnd3a3X6wcHBycnJx8/foxzSbPZ/PDhw/Hx8cHBwbt37968eVOr1cJ0srm5uQEAANC1zc3NMJHUarU3b97U6/X9/f3j4+MPHz6EaeQTYQ1K8+zs7Pj4+PDwsNFo1Ov1N2/e7O3t7e7u1gAAALq2u7u7t7cXJpJGo3F4eHh8fBxewdHkknDW5OTk5Ojo6PDwcH9/f39/vwEAAHBBwnRxeHh4dHR0cnISzZToc0m41uTs7Oz09PQEAACgB05PT8/OzsI1JSm5JPQTAABAz2jjx/8D4qVZBYIngBcAAAAASUVORK5CYII=" /></P><P>Is there anything else that needs to be enabled/permitted?</P><P>It worked perfectly with local users authentication and EAP-MD5.</P><P><STRONG>Update:</STRONG> looks like the only mode working is EAP-MD5 (with local users, AD doesn´t support it). Trying to use EAP-GTC with both local and AD identity sources fails with the same message saying EAP-GTC is not permitted by Allowed Protocols List while the protocol IS being permitted.</P><P>&nbsp;</P><P><STRONG>Update:</STRONG> It looks like ISE is declaring PEAP expecting to perform MS-CHAPv2 as inner method and AnyConnect Client says MS-CHAPv2 directly, so the systems fail to negotiate.</P><P>ISE says PEAP:</P><P><EM>12300&nbsp;&nbsp; Prepared EAP-Request proposing PEAP with challenge</EM></P><P>AnyConnect responds, "no, I want EAP-MSCHAP":</P><P><EM>11801&nbsp;&nbsp; Extracted EAP-Response/NAK requesting to use EAP-MSCHAP <STRONG>instead</STRONG></EM></P><P>Which is weird, because EAP-MSCHAP IS actually MSCHAP inside PEAP or EAP-FAST. I suppose there is no such thing as using EAP-MSCHAP <STRONG>instead</STRONG> of PEAP, but inside of it.</P><P>If I choose EAP-MD5 it works, because EAP-MD5 is declared as EAP-MD5 by both sides. The problem is you can't youse EAP-MD5 with Active Directory, only with local users.</P><P>&nbsp;</P><P>Is there any way to overcome this?</P> Mon, 11 Mar 2019 05:44:19 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715335#M55503 asigachev 2019-03-11T05:44:19Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715336#M55505 <P>Are you using the AD connector in ISE or LDAP to connect to AD ?</P> Tue, 19 May 2015 18:31:54 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715336#M55505 jan.nielsen 2015-05-19T18:31:54Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715337#M55509 <P>AD connector. (AD Join feature)</P> Tue, 19 May 2015 19:22:59 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715337#M55509 asigachev 2015-05-19T19:22:59Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715338#M55511 <P>Sounds strange, is your AnyConnect VPN setup using SSL or IKEv2 ?</P><P>&nbsp;</P><P>Maybe try to remove all thos unneeded protocols, so only mschap_v2 is the only on left in your authentication allowed protocols list.</P> Thu, 21 May 2015 21:28:33 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715338#M55511 jan.nielsen 2015-05-21T21:28:33Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715339#M55513 <P>I use IKEv2-IPSEC.</P><P>I tried to remove all the unneded protocols. There is an option to leave EAP-MSCHAP under PEAP or under EAP-FAST, I tried both. In first case ISE proposes PEAP and Anyconnect responds with EAP-MSCHAP and negotiation fails, in the second case same thing happens with EAP-FAST.<BR />&nbsp;</P><P>Have you ever seen the solution working?</P><P>&nbsp;</P><P>The thing is as far as I remember when you set up EAP authentication on Wireless LAN controller for example, you have setting options very similar to the ones you have on ISE, i.e. PEAP with MS-CHAP inside or EAP-FAST with MS-CHAP. So during the negotiation ISE proposes PEAP, WLC responds PEAP, they agree and then all the MS-CHAP exchange goes inside. In the case of Anyconnect VPN client you have no option to choose between PEAP and EAP-FAST, it is just EAP-MSCHAPv2 option.</P> Fri, 22 May 2015 12:22:25 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715339#M55513 asigachev 2015-05-22T12:22:25Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715340#M55517 <P>Hello,</P><P>&nbsp;</P><P>I'm facing the same problem.</P><P>Did you manage to solve this?</P><P>&nbsp;</P><P>Thank you</P> Fri, 09 Oct 2015 06:12:09 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715340#M55517 decode.chr13 2015-10-09T06:12:09Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715341#M55521 <P><SPAN style="color: rgb(37, 37, 37); font-family: sans-serif; font-size: 14px; line-height: 22.3999996185303px;">EAP is an authentication framework, not a specific authentication mechanism.&nbsp;</SPAN><SPAN style="font-size: 14px;">ISE is fully IETF compliant RADIUS server.&nbsp;</SPAN><SPAN style="color: rgb(37, 37, 37); font-family: sans-serif; font-size: 14px; line-height: 22.3999996185303px;">MSCHAP is not a IETF supported inner method for EAP, however MD5 is</SPAN><SPAN style="font-size:14px;">&nbsp;analogous to the PPP CHAP protocol, so EAP-MD5 could be used. &nbsp;The&nbsp;EAP method's defined IETF RFC's are EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA and EAP-AKA'. The commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. PEAP (Protected EAP) has two IETF defined inner methods (PEAPv1) EAP-GTC, MSCHAPv2 (PEAPv0). There are also many vendor specific EAP types outside of these.</SPAN></P><P>&nbsp;</P> Fri, 09 Oct 2015 15:02:52 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715341#M55521 waynesymes 2015-10-09T15:02:52Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715342#M55524 <P><SPAN style="font-size:12px;"><SPAN class="fullname"><SPAN rel="sioc:has_creator"><A class="username" href="https://supportforums.cisco.com/users/waynesymes" title="View user profile.">Hi waynesymes,</A></SPAN></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN style="font-size:12px;"><SPAN class="fullname"><SPAN rel="sioc:has_creator">I agree with you that ALL vendors should follow and be compliant with a RFC/draft/etc, but as we all know is not always the case in this world.</SPAN></SPAN></SPAN></P><P><SPAN style="font-size:12px;">I would gladly use EAP-MD5 even if is collision and MITM prone, if I would have one of the following tools:</SPAN></P><P><SPAN style="font-size:12px;">a) A sharp tool to determine Microsoft to accept MD5 challenge in user auth.</SPAN></P><P><SPAN style="font-size:12px;">b) A tool to export/import AD users (including updates of password or account status) through ERS in ISE</SPAN></P><P><SPAN style="font-size:12px;">As I don't have either one, I'm trying to make AD happy, ISE happy and me happy <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></SPAN></P><P><SPAN style="font-size:12px;">Now, leaving the joke aside, the problem, I think, resides in ISE as long as me and </SPAN>asigachev<SPAN style="font-size:12px;"> checked the EAP-FAST/PEAP with MSCHAPv2 method, but when authentication occurs, ISE says is not checked. </SPAN></P><P><SPAN style="font-size:12px;">It is also true that in every configuration guide involving FlexVPN, IOS/IOS XE and Anyconnect client, when MSCHAPv2 was mentioned there was always a Microsoft Radius configured and never saw ISE. Now I wonder why...</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 09 Oct 2015 15:43:08 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715342#M55524 decode.chr13 2015-10-09T15:43:08Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715343#M55531 <P>Hi, Cristi</P> <P>Looks like I am on my way. Will update soon.</P> <P></P> <P></P> <P></P> Mon, 02 Nov 2015 17:10:03 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715343#M55531 asigachev 2015-11-02T17:10:03Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715344#M55536 <P>So, basically, we had to upgrade the router IOS so we got anyconnect-eap method support. For our platform which is ASR1000 we went to 15.5(3)S (03.16.00.S)</P> <H6 class="prettyprint"><SPAN style="font-size: 8pt;"><SPAN style="font-size: 12pt;">The TAC engineer says it works, I didn't have time to test it yet, so if you try it, please post the result here. </SPAN></SPAN></H6> <PRE class="prettyprint">crypto ikev2 profile AC<BR />&nbsp;match identity remote key-id cisco.com<BR />&nbsp;identity local dn <BR />&nbsp;authentication remote <STRONG>anyconnect-eap</STRONG> aggregate<BR />&nbsp;authentication local rsa-sig<BR />&nbsp;pki trustpoint my.verisign.trustpoint<BR />&nbsp;dpd 60 2 on-demand<BR />&nbsp;aaa authentication anyconnect-eap AC<BR />&nbsp;aaa authorization user <STRONG>anyconnect-eap</STRONG> cached<BR />&nbsp;virtual-template 40</PRE> <P></P> <P>And here is the profile used</P> <PRE class="prettyprint"><SPAN style="font-size: 8pt;">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;ClientInitialization&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;UseStartBeforeLogon UserControllable="true"&gt;false&lt;/UseStartBeforeLogon&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutomaticCertSelection UserControllable="true"&gt;true&lt;/AutomaticCertSelection&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;ShowPreConnectMessage&gt;false&lt;/ShowPreConnectMessage&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;CertificateStore&gt;All&lt;/CertificateStore&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;CertificateStoreOverride&gt;false&lt;/CertificateStoreOverride&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;ProxySettings&gt;Native&lt;/ProxySettings&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AllowLocalProxyConnections&gt;false&lt;/AllowLocalProxyConnections&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AuthenticationTimeout&gt;12&lt;/AuthenticationTimeout&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoConnectOnStart UserControllable="true"&gt;false&lt;/AutoConnectOnStart&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;MinimizeOnConnect UserControllable="true"&gt;true&lt;/MinimizeOnConnect&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;LocalLanAccess UserControllable="true"&gt;false&lt;/LocalLanAccess&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;ClearSmartcardPin UserControllable="true"&gt;false&lt;/ClearSmartcardPin&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;IPProtocolSupport&gt;IPv4&lt;/IPProtocolSupport&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoReconnect UserControllable="false"&gt;true</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoReconnectBehavior UserControllable="false"&gt;ReconnectAfterResume&lt;/AutoReconnectBehavior&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/AutoReconnect&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoUpdate UserControllable="false"&gt;true&lt;/AutoUpdate&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;RSASecurIDIntegration UserControllable="false"&gt;Automatic&lt;/RSASecurIDIntegration&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;WindowsLogonEnforcement&gt;SingleLocalLogon&lt;/WindowsLogonEnforcement&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;WindowsVPNEstablishment&gt;LocalUsersOnly&lt;/WindowsVPNEstablishment&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutomaticVPNPolicy&gt;false&lt;/AutomaticVPNPolicy&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;PPPExclusion UserControllable="false"&gt;Automatic</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;PPPExclusionServerIP UserControllable="false"&gt;&lt;/PPPExclusionServerIP&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/PPPExclusion&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;EnableScripting UserControllable="false"&gt;false&lt;/EnableScripting&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;EnableAutomaticServerSelection UserControllable="true"&gt;false</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoServerSelectionImprovement&gt;20&lt;/AutoServerSelectionImprovement&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AutoServerSelectionSuspendTime&gt;4&lt;/AutoServerSelectionSuspendTime&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/EnableAutomaticServerSelection&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;RetainVpnOnLogoff&gt;false</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/RetainVpnOnLogoff&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;AllowManualHostInput&gt;true&lt;/AllowManualHostInput&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/ClientInitialization&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;ServerList&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;HostEntry&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;HostName&gt;YOURHOSTNAME&lt;/HostName&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;HostAddress&gt;x.x.x.x&lt;/HostAddress&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;PrimaryProtocol&gt;IPsec</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;StandardAuthenticationOnly&gt;true</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;IKEIdentity&gt;cisco.com&lt;/IKEIdentity&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/StandardAuthenticationOnly&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/PrimaryProtocol&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/HostEntry&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/ServerList&gt;</SPAN><BR /><SPAN style="font-size: 8pt;">&lt;/AnyConnectProfile&gt;<BR /></SPAN></PRE> Tue, 03 Nov 2015 12:45:31 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715344#M55536 asigachev 2015-11-03T12:45:31Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715345#M55539 <P>Hi,</P> <P></P> <P>We will test it tonight and update here.</P> <P>Authentication method in Anyconnect, I guess it must be: EAP-Anyconnect.</P> <P>Authentication protocol in ISE, must be? I'll check them all anyway to see which one it picks up.</P> <P></P> <P>Thanks,</P> <P>C</P> <P></P> Wed, 04 Nov 2015 11:02:04 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715345#M55539 Cristi Romano 2015-11-04T11:02:04Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715346#M55542 <P>Authentication protocol on ISE is PAP in our case.</P> <P>I have just tested and it works, I will try to reproduce all the configuration one more time later.</P> <P>One more important thing I have just noticed in the solution proposed is that you have to change the Anyconnect Client local policy to bypass client update download, otherwise the client fails to establish the connection saying "The VPN client failed to establish a connection"</P> <P>Open the file <EM>C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.xml</EM></P> <P>and change <EM>&lt;BypassDownloader&gt;</EM> option to <EM>True</EM>.</P> Wed, 04 Nov 2015 14:01:38 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715346#M55542 asigachev 2015-11-04T14:01:38Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715347#M55543 <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Hi,</SPAN></H5> <H5></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">I also noticed auth proto is PAP. Wonder if it can be changed.</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">We've done the following steps:</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">1) Upgraded to 3.16.</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">2) Used your config, but noticed that we need to <SPAN style="text-decoration: underline;"><STRONG>add</STRONG></SPAN> to your suggested config:</SPAN></H5> <H5 class="prettyprint prettyprinted"><SPAN class="pln" style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">crypto ikev2 profile AC</SPAN><BR /><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><SPAN class="pln">&nbsp;match identity remote key</SPAN><SPAN class="pun">-</SPAN><SPAN class="pln">id *$AnyConnectClient$*</SPAN></SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">otherwise the router would not pick any profile and throw an error that no matching profile was found. Is this also your situation?</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">3) Anyconnect now: </SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">- connects to router</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">- asks for user/pass</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">- router sends info to ISE</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">- ISE succesufully authenticates and sends back to router: Authorization: Permit</SPAN></H5> <H5><SPAN style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">- router then needs some info that does not get or understands:</SPAN></H5> <H5><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">&lt;some of the data&gt;</SPAN></H5> <H5><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004419: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Config-type: Config-request</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004420: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: ipv4-addr, length: 0</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004421: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: ipv4-netmask, length: 0</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004422: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: ipv4-dns, length: 0</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004423: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: ipv4-nbns, length: 0</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004424: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: unknown, length: 0</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004425: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: app-version, length: 32, data: AnyConnect Darwin_i386 4.0.00048</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004426: *Nov 5 08:12:34.093 EET: IKEv2:(SESSION ID = 58,SA ID = 1):Attrib type: ipv4-subnet, length: 0</SPAN></H5> <H5><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">&lt;...&gt;</SPAN></H5> <H5><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004467: *Nov 5 08:12:34.094 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004468: *Nov 5 08:12:34.094 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004469: *Nov 5 08:12:34.094 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004470: *Nov 5 08:12:34.094 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004471: *Nov 5 08:12:34.094 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib reconnect-cleanup-interval in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004472: *Nov 5 08:12:34.095 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004473: *Nov 5 08:12:34.095 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004474: *Nov 5 08:12:34.095 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib reconnect-dpd-interval in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004475: *Nov 5 08:12:34.095 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">004476: *Nov 5 08:12:34.095 EET: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN></H5> <H5><SPAN style="font-family: 'courier new', courier, monospace; font-size: 10pt;">&lt;...&gt;</SPAN></H5> <H5>Would it be possible to share here your full config (including: aaa, virtual-template, crypto ikev2, crypto ipsec)?</H5> <H5>"sh run | sec aaa|crypto ikev2|crypto ipsec|^interface Virtual-Template"</H5> <H5>Did you set anything else on ISE for Authorization, except Permit?</H5> <H5>Thanks,</H5> <H5>CR</H5> <H5>PS: I don't know how to move this conversation to private (email/private message) and come back here with final result.&nbsp;</H5> <H5></H5> <H5></H5> <H5></H5> <H5></H5> Thu, 05 Nov 2015 11:07:13 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715347#M55543 Cristi Romano 2015-11-05T11:07:13Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715348#M55544 <P>Have you edited the AnyconnectLocalPolicy? Because the problem looks similar to what we had before doing that.</P> <P>I have send you part of the ASR config by mail.</P> Thu, 05 Nov 2015 12:41:23 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715348#M55544 asigachev 2015-11-05T12:41:23Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715349#M55545 <H5>I did edit the&nbsp;<SPAN>AnyconnectLocalPolicy.xml:</SPAN></H5> <H5><SPAN>&lt;BypassDownloader&gt;true&lt;/BypassDownloader&gt;</SPAN></H5> <H5></H5> <H5>I compared my config with yours and they look similar.</H5> <H5>The main difference is that i really need to have:</H5> <H5 class="prettyprint"><SPAN>match identity remote key-id *$AnyConnectClient$*&nbsp;</SPAN></H5> <H5><SPAN>instead of:&nbsp;</SPAN></H5> <H5 class="prettyprint"><SPAN>match identity remote key-id&nbsp;cisco.com</SPAN></H5> <H5></H5> <H5>I'm still stuck at the latest output:&nbsp;</H5> <H5><SPAN style="font-family: 'courier new', courier, monospace;">IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req</SPAN></H5> <H5></H5> <H5>I found another guy with the same problem 6 months ago, not even a reply <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></H5> <H5>https://supportforums.cisco.com/discussion/12500956/flexvpn-ras-anyconnect-certificates</H5> <H5>Still debuging. I'll update when I figure out what is&nbsp;wrong.</H5> Thu, 05 Nov 2015 22:48:05 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715349#M55545 Cristi Romano 2015-11-05T22:48:05Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715350#M55546 <H5>Found out that those error messages are also in the debug output of a working profile (EAP-MD5). So, those are not necesarly a problem.</H5> <H5>I found out though:</H5> <H5><SPAN style="font-family: 'courier new', courier, monospace;">007761: *Nov 6 01:11:12.962 EET: IKEv2:(SESSION ID = 96,SA ID = 1):<STRONG>Error in settig received config mode data</STRONG></SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace;">007762: *Nov 6 01:11:12.962 EET: IKEv2:(SESSION ID = 96,SA ID = 1):Auth exchange failed</SPAN><BR /><SPAN style="font-family: 'courier new', courier, monospace;">007763: *Nov 6 01:11:12.962 EET: IKEv2-ERROR:(SESSION ID = 96,SA ID = 1):: Auth exchange failed</SPAN></H5> <H5></H5> <H5></H5> Thu, 05 Nov 2015 23:22:49 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715350#M55546 Cristi Romano 2015-11-05T23:22:49Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715351#M55547 <P>Have you tried removing special characters from key-id?</P> <P>just to check if this could be a problem...</P> Sun, 08 Nov 2015 00:29:46 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715351#M55547 asigachev 2015-11-08T00:29:46Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715352#M55548 <H6>I did, but anything you do to that string, results in no profile matching:</H6> <PRE class="prettyprint">009801: *Nov&nbsp; 9 12:09:37.254 EET: IKEv2:(SESSION ID = 110,SA ID = 1):<STRONG>Searching policy based on peer's identity '*$AnyConnectClient$*'</STRONG> of type 'key ID'<BR />009802: *Nov&nbsp; 9 12:09:37.254 EET: IKEv2-<STRONG>ERROR:% IKEv2 profile not found</STRONG><BR />009803: *Nov&nbsp; 9 12:09:37.258 EET: IKEv2-ERROR:(SESSION ID = 110,SA ID = 1):: Failed to locate an item in the database<BR />009804: *Nov&nbsp; 9 12:09:37.258 EET: IKEv2:(SESSION ID = 110,SA ID = 1):Verification of peer's authentication data FAILED<BR />009805: *Nov&nbsp; 9 12:09:37.258 EET: IKEv2:(SESSION ID = 110,SA ID = 1):Sending authentication failure notify</PRE> Mon, 09 Nov 2015 10:21:44 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715352#M55548 Cristi Romano 2015-11-09T10:21:44Z https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715353#M55549 <P>Hello,</P> <P>we are facing the same problem. Ikev2 , Anyconnect and the EAP-MSCHAPv2 authC method.</P> <P></P> <P>Its sad, that Cisco is not able to authenticate the IKEv2 clients (MSCHAPv2) on the routers with the ISE/ACS combination at all. The only possible way is the TLS method. I don't think that MD5 authentication is secured algorithm nowadays.</P> <P></P> <P>Another way is used the Cisco ASA. FW is capable to authenticate the EAP-MSCHAPv2 clients with the ISE/ACS in the background.</P> <P></P> <P>Based on my research, Cisco released the official bug ID :</P> <P>https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw99531/?referring_site=bugquickviewclick</P> <P></P> <P>Enhancement = miracle <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> <P></P> <P>Usually our customers migrate their remote access solution from Ikev1 to ikev2 and the already have ACS/ISE. They are wondering, that they need to change the authentication process of the clients or they need to deploy another RADIUS AuthC server.....</P> <P></P> <P></P> <P></P> Tue, 26 Jul 2016 10:01:34 GMT https://community.cisco.com/t5/network-access-control/ise-anyconnect-active-directory-eap-mschap-not-allowed/m-p/2715353#M55549 cisartomas 2016-07-26T10:01:34Z