CheckPoint NG

  • Article

This topic describes how to configure Checkpoint NG to work in a virtual private network (VPN) site-to-site solution with ISA Server.

Checkpoint: Preshared Secret Configuration Overview

The following IPSec settings will be used in this section of this configuration document:

  • Phase I
    • Main mode
    • 3DES
    • SHA-1
    • MODP Group 2 (1024 bits) for DH
    • SA lifetime of 28,800 seconds
    • Preshared secret
  • Phase II
    • 3DES
    • SHA-1
    • PFS & MODP Group 2 (1024 bits) for DH
    • SA lifetime of 3600 seconds
    • ESP tunnel mode

Preshared Secret Checklist

Use the following checklist for preshared secrets.

____

Install and configure the Sonicwall device

____

Determine remote gateway external IP address

____

Determine remote networks IP address and netmask protected by the remote gateway

____

Set preshared secret

____

Configure new policy

____

Configure network and group objects

____

Modify CheckPoint object

____

Configure VPN peer gateway

____

Configure encryption rule

____

Test IPSec tunnel

For installation and configuration information and documentation, refer to the documents found on the CheckPoint website (www.checkpoint.com).

Checkpoint Configuration Walk-through Procedure 1: Configuring the Preshared Secret Solution

This topic describes in detail the process to configure the CheckPoint NG FP3 to successfully establish a site-to-site IPSec tunnel with the ISA Server computer using the settings specified in Checkpoint: Preshared Secret Configuration Overview. This section includes tips that can be used to improve the functionality of the IPSec tunnel, performance of the device, or the security of the device.

Note

The step-by-step instructions in the following sections assume that you have a working knowledge of CheckPoint NG FP3, and only the parameters directly related to the scenarios are described in detail.
If the CheckPoint Firewall is loaded onto a Windows-based operating system, the registry key \HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\Tcpip\ Parameters requires a change from a value of 0 to a value of 1 to allow for the proper routing of encrypted communications through the IPSec tunnel.

Configure New Policy

Use the following steps to configure new policy.

  1. Log on to the CheckPoint Management Server using the CheckPoint Smart Dashboard.
  2. Choose Global Properties from the Policy menu. On this page:
    • Select VPN-1 Pro from the left menu.
    • Select Traditional or Simplified mode per new Security Policy.
  3. Choose New from the File menu. On this page:
    • Enter a name in New Policy Package Name.
    • Select Security and Address Translation.
    • Select Traditional mode.

Configure Network and Group Objects

Use the following steps to configure network and group objects.

  1. From the left menu of the CheckPoint Smart Dashboard, right-click Networks and select New. On the General tab:
    • Enter Internal_AL as the Name of the network.
    • Enter 10.5.6.0 as the Network Address.
    • Enter 255.255.255.0 as the Net Mask.
  2. Repeat the steps. On the General tab:
    • Enter Internal_CL as the Name of the network.
    • Enter 10.4.5.0 as the Network Address.
    • Enter 255.255.255.0 as the Net Mask.
  3. From the left menu of the CheckPoint Smart Dashboard, right-click Groups and select new simplified. On this page:
    • Enter ISAServer-Remote as the Name of the network.
    • Highlight Internal_AL.
    • Select Add to move Internal_AL from Not in Group into In Group.
    • Highlight Internal_BL.
    • Select Add to move Internal_BL from Not in Group into In Group.

Modify CheckPoint Object

Use the following steps to modify the checkpoint object.

  1. From the left menu of the CheckPoint Smart Dashboard, expand the Check Point menu and double-click the checkpoint object to display the Check Point Gateway – checkpoint properties screen.
  2. Select Topology from the left menu:
    • Review the Topology settings for accuracy.
    • Review the VPN Domain settings to ensure that All IP Addresses behind Gateway based on Topology information is selected.
  3. Select VPN from the left menu, and then select Traditional mode configuration.
  4. In the Traditional mode IKE properties screen:
    • Select 3DES.
    • Select SHA1.
    • Select Pre-Shared Secret.
    • Select Edit Secrets.
  5. In the Shared Secret screen:
    • Highlight ISAServer.
    • Select Edit.
    • Enter Cool-Dude! in Enter secret.
    • Select Set.
  6. Select Advanced in the Traditional mode IKE properties screen.
  7. In the Traditional mode advanced IKE properties screen:
    • Select Group 2 (1024 bit).
    • Enter 480 in Renegotiate IKE (phase 1) Security Associations every**.**
    • Enter 3600 in Renegotiate IPSec (IKE phase 2) Security associations every**.**

Configure VPN Peer Gateway

Use the following steps to configure the VPN peer gateway.

  1. From the left menu of the CheckPoint Smart Dashboard, right-click Interoperable Device and select new. On this screen:
    • Enter ISAServer as the Name of the interoperable device.
    • Enter 14.15.16.17 as IP Address of the interoperable device.
  2. Select Topology from the left menu. On this screen:
    • Select Manually defined under VPN Domain
    • Select ISAServer-Remote from the drop-down list.
  3. Select VPN from the left menu, and then select Traditional mode configuration.
  4. In the Traditional mode IKE properties screen:
    • Select 3DES.
    • Select SHA1.
    • Select Pre-Shared Secret.
    • Select Edit Secrets.
  5. In the Shared Secret screen:
    • Highlight checkpoint.
    • Select Edit.
    • Verify Cool-Dude! is the shared secret.
  6. Select Advanced in the Traditional mode IKE properties screen.
  7. On the Traditional mode advanced IKE properties screen:
    • Check Group 2 (1024 bit).
    • Enter 480 in Renegotiate IKE (phase 1) Security Associations every**.**
    • Enter 3600 in Renegotiate IPSec (IKE phase 2) Security associations every**.**

Configure Encryption Rule

Use the following steps to configure an encryption rule.

  1. Choose Add Rule --> Top from the Rules menu.
  2. In the new rule:
    • Select ISAServer-Remote for the Source.
    • Select Internal_BL for the Destination.
    • Select Encrypt as the Action.
    • Select Log as the Track.
  3. Choose Add Rule --> Top from the Rules menu.
  4. In the new rule:
    • Select Internal_BL for the Source.
    • Select ISAServer-Remote for the Destination.
    • Select Encrypt as the Action.
    • Select Log as the Track.
  5. Right-click Encrypt under Action for rule number 1. On the General tab:
    • Highlight IKE.
    • Select Edit.
  6. Right-click Encrypt under Action for rule number 1. On the General tab:
    • Select 3DES as the Encryption Algorithm from the drop-down list.
    • Select SHA1 as the Data Integrity from the drop-down list.
    • Select Use Perfect Forward Secrecy.
    • Select Group 2 (1024 bit) as the Use DH Group from the drop-down list.
  7. Test the IPSec tunnel after the third-party gateway peer has been configured by sending icmp traffic to the remote internal network through the IPSec tunnel using the ping utility.

Checkpoint: Certificate Configuration Overview

This section outlines the IPSec settings and the specific settings required for this device to perform Certificate Authentication.

The following IPSec settings will be used in this section of this configuration document:

  • Phase I
    • Main mode
    • 3DES
    • SHA-1
    • MODP Group 2 (1024 bits) for DH
    • SA lifetime of 28,800 seconds
    • Certificate Authentication
  • Phase II
    • 3DES
    • SHA-1
    • PFS & MODP Group 2 (1024 bits) for DH
    • SA lifetime of 3600 seconds
    • ESP tunnel mode

Certificate Checklist

Use the following checklist for certificates.

____

Install and configure Cisco Concentrator 3005 VPN Concentrator

____

Determine remote gateway external IP address

____

Determine remote networks protected by the remote gateway

____

Determine certification authority to use to create the local certificate

____

Configure new policy

____

Configure network and group objects

____

Configure certification authority

____

Modify CheckPoint object

____

Configure VPN gateway peer

____

Configure encryption rule

____

Test IPSec tunnel

For installation and configuration information and documentation, refer to the documents found on the CheckPoint website (www.checkpoint.com).

Checkpoint Walk-through Procedure 2: Configuring the Certificate Solution

This topic describes in detail the process to configure the CheckPoint NG FP3 to successfully establish a site-to-site IPSec tunnel with the ISA Server computer using the settings specified in Checkpoint: Certificate Configuration Overview. This section includes tips that can be used to improve the functionality of the IPSec tunnel, performance of the device, or the security of the device.

Note

The step-by-step instructions in the following sections assume that you have a working knowledge of CheckPoint NG FP3, and only the parameters directly related to the scenarios are described in detail.
If the CheckPoint Firewall is loaded onto a Windows-based operating system, the registry key \HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\Tcpip\ Parameters requires the change from a value of 0 to a value of 1 to allow for the proper routing of encrypted communications through the IPSec tunnel.

Configure New Policy

Use the following steps to configure new policy.

  1. Log on to the CheckPoint Management Server using the CheckPoint Smart Dashboard.
  2. Choose Global Properties from the Policy menu. On this screen:
    • Select VPN-1 Pro from the left menu.
    • Select Traditional or Simplified mode per new Security Policy.
  3. Choose new from the File menu. On this screen:
    • Enter a name in New Policy Package Name.
    • Select Security and Address Translation.
    • Select Traditional mode.

Configure Network and Group Objects

Use the following steps to configure network and group objects.

  1. From the left menu of the CheckPoint Smart Dashboard, right-click Networks and select new. On the General tab:
    • Enter Internal_AL as the Name of the network.
    • Enter 10.5.6.0 as the Network Address.
    • Enter 255.255.255.0 as the Net Mask.
  2. Repeat the steps:
    • Enter Internal_CL as the Name of the network.
    • Enter 10.4.5.0 as the Network Address.
    • Enter 255.255.255.0 as the Net Mask.
  3. From the left menu of the CheckPoint Smart Dashboard, right-click Groups and select new simplified. On this screen:
    • Enter ISAServer-Remote as the Name of the network.
    • Highlight Internal_AL.
    • Select Add to move Internal_AL from Not in Group into In Group.
    • Highlight Internal_BL.
    • Select Add to move Internal_BL from Not in Group into In Group.

Configure Certificate Authority

Use the following steps to configure a certificate authority.

  1. Copy the Certificate Authority’s certification authority (CA) and certificate revocation list (CRL) from the Certificate Authority to the local machine.
  2. From the left menu of the CheckPoint Smart Dashboard, select the Servers and OPSEC Applications tab, right-click the Certificate Authority menu and select new.
  3. On the General tab:
    • Enter fabrikam-test-w2k4 as the Name.
    • Select OPSEC PKI for the Certificate Authority from the drop-down list.
  4. Select the OPSEC PKI tab in the Certificate Authority Properties screen. On this tab:
    • Select Get and browse to the location on the local machine of a saved certificate from the Certificate Authority used in this effort.
  5. Select the Advanced tab in the Certificate Authority Properties screen. On this tab:
    • Select Fetch new CRL when expires.

Modify CheckPoint Object

Use the following procedure to modify the checkpoint object.

  1. From the left menu of the CheckPoint Smart Dashboard, expand the Check Point menu and double-click the checkpoint object to display the Check Point Gateway – checkpoint properties screen.

  2. Select Topology from the left menu. On this screen:

    • Review the Topology settings for accuracy.
    • Review the VPN Domain settings to ensure the All IP Addresses behind Gateway based on Topology information is selected.

  3. Select VPN from the left menu, and then select Add under Certificate List.

  4. In the Certificate Properties screen:

    • Enter CheckPoint as the Certificate Nickname.
    • Select fabrikam-test-w2k3-Testlab as the Certificate Authority.
    • Select Generate.

  5. In the Generate Certificate Request screen, enter the DN to be used for the certificate.

    Note

    CheckPoint will not accept the DN definition for Local using L or the definition for State using S.

  6. A screen will be displayed. The contents of the screen is the certificate request, which was highlighted, copied, and then pasted into a document that was transferred to the Certificate Authority for enrollment and creation of the certificate pair.

  7. After the Certificate has been copied, paste the certificate onto the local machine, select Get from the Certificate Properties window, and browse to the saved certificate on the local machine.

  8. Select VPN from the left menu.

  9. Select Traditional mode configuration.

  10. In the Traditional mode IKE properties screen:

    • Select 3DES.
    • Select SHA1.
    • Select Public Key Signatures.
    • Select Specify./9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAGAAgADASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDX+IPx B1bwlr9tp+n2unvC9nHMTPBubccg8gj0rlB8aPEZ/wCXHR//AAFP/wAVXQ+Lb26s/jX4Y+y3M0Hn RWUMvlSFfMjM3KtjqpwMg8Vm3kWn6jfeP9Y8Q21zqx0fUIo7WNrx4ykbXMimMHnC44xjgZxtJzXo 0oU+Rc0b/wDD2OeUpXdmUh8ZvEf/AD5aP/4Cn/4qrMXxY8WT2s91FpOnSW9vt86VLJike44Xcd2B k8DPWn6X4I02bwVPc3Vt50/9iS6lFf2scnlo6sSImlMhQuAMMgjBAz82Rk9Zp+g2WlR61p+n2Dxa S93owt9QSWXdeq00ZZxJu2kgseY9uM/SqkqC2iJe07nFj4xeIT/y5aR/4Cn/AOKpw+MPiH/ny0j/ AMBT/wDFV0+r2yTt4atYLN7qC38QXcE92sszSWeb5cAyK/yswI5fLcggg81EPB+hXWqL51m9xbXN /qi6lqD3EjNYCJm8vL7tqnADZlDE5z0NC9ha7gHv9znx8X/EH/PlpP8A4Cn/AOKqWH4seJLiaOGH T9MklkYIiJaEszE4AADck1ak8L6HJp4tl01Ipf8AhE11j7Uk0nmGcYyMFim045G3ucEcVr6V4M06 wW1uTbf6ZYXmmPHfW8ciwXXmSIG2O0jLKPm6qqYIHGDihrDpfCJe07mBL8VvEkE7wz6fpkcsbFHR 7QqysDgggtwRTR8WtfP/AC56V/4DH/4qlttNsNQ8deN5L+0S6Wyhv7uKN3dV8xJeM7CCRyeM96vT eGdElhnjTTkgaTwyNaWSOWQtFMMfIu5iPLODwwLfMfm6YfJQWjiF59ymPixrx/5c9K/8Bj/8VU4+ JniY2f2z+zLD7L5nled9jbZvxnbuzjOOcVoah4P8Ow/bUkg+xafDcafHZ6n57D7YkuPNbc5MbYUs 2UAxj0yK2Y/D+nyWMOi3+m/2bpp8TyRxpukTz0WB/LbdIxJ3kBcqRntg1L9ha6iP953OSHxV10/8 uml/+A3/ANenD4p64f8Al00v/wABv/r1leK7Gxs1sGtdH1LTZXVxMLq2eGOQgjBQO7tkA4PzY6dM 16dbeb/a9p/b32r7F/wiR+1efv8Avbl87Pffjbux83T2pzjRik1ESc27XOIHxR1w/wDLppf/AIDf /Xpw+KGtn/l00z/wG/8Ar10GnNriWXitrqK6luBHZfZE0iQxgwb22fZ2VWxHtz0B43Z5zXMeGdLi 1bXNeF9p891PBZXFxHbXDuZTMrDAcrtZmySD0yT0FChS1bjsDlPTUsj4na2f+XXTP/Ab/wCvTh8T Na/59dM/8Bv/AK9aVz4f8P6fpuoahc6W0kttZ2FxLZrcvGYJZGIkj5yVBAUkNkgHgjIIhHhvSf7A 8/7J+4/sP7b/AGl5j/8AH3ux5Wc+X1+Xbjd755o5aH8oXqdyqPiVrJ/5ddN/8Bv/AK9OHxJ1k/8A Lrpv/gN/9etnWPCeiW93qMU1l/ZlpBdWcdtdea6+cshHmjdISrbQSeBxt54zUkfhnQ5fE9rp76Fq EMf2yaMyPFJHBLGI3KgOZGLNlQQRtBGeKn9xa/KH7zuYg+I+sH/l107/AMB//r04fEXWD/y7ad/4 D/8A16lSW3uvh3drp+meYkeoB2gaR5XgX7PgzErt7qxyRt5IxxW/qeg6QNU1S4lsr3Upo72GJoIz JcSrEYVbP+sVhk5G5iwGAAKHGinZx/rT/MLzezOcHxE1f/n207/wH/8Ar04fELVz/wAu2nf+A/8A 9erCaBpjeF7+6htZobi3acltThlTKhtqhXVggcdNpDEvkYArixWkaVGV7RIc5rqdcPiBqx/5dtP/ APAf/wCvTh4+1U/8u+n/APgP/wDXrkhUgqvq9L+UXtZ9zqx491U/8u9h/wCA/wD9enDx3qh/5d7D /wABx/jXKinij6vS7B7Wfc6keOdUP/LvYf8AgOP8acPHGpn/AJd7H/wHH+NcuKeKX1el2D2s+504 8bamf+WFj/4DinDxpqR/5YWP/gOK5kU8UfV6fYPaz7nSDxnqR/5YWX/fgU8eMdR/54WX/fgVzYp4 pewp9g9rPudGPF+oH/lhZf8AfgUo8W6gf+WNn/34Fc8KeKPYU+we1n3OgHiy/wD+eNn/AN+BTh4q v/8AnjZ/9+BWCKcKPYU+we1n3N4eKL7/AJ42n/fgU4eJ70/8sbT/AL8CsIU8UvYU+we1n3NweJb0 /wDLK0/78CnDxHeH/lla/wDfgViCpBR7Cn2F7Wfc2R4hvD/yytf+/C04eILs/wDLK1/78LWOKeKX sKfYPaz7muNeuz/yztv+/K0o1y6P/LO2/wC/K1lCnij2FPsHtZ9zUGt3J/5Z23/flacNZuT/AMs7 f/vyv+FZgp4pexp9g9rPuaQ1e4/552//AH5X/CnDVbg/wW//AH5X/Cs4U8Uexp9g9rPuaA1Sc/wQ f9+V/wAKcNSnP8EH/flf8KoCpBR7Gn2D2s+5pW9zPcF8fZkCLuJaEY6gdgfWpt8n/Pey/wC/B/8A iKqWP3bn/rl/7OteZ69pWo3Gr6rNpGm6imgGQf2xZxP5L6kw++bdCuemA5BXzegyfmPHWtCdkkdV K8o3bPSptWEOqQ6fvt5JpImm+SAYVQyrySo5Jbt6H2zd+H7M/gy0d2LM01ySScknz5K5GIQDxbp4 tYvJtxpR8qPyjHsXzEwNhAK4HGCBjpXWfDz/AJEmz/663H/o+Ss3qky1o2jqKKKKkoKKKKACiiig AooooA8T+IvgPVPFHiG3vrKezjijsooSJ3YHIyeynj5hXJD4Q+IB/wAvmmf9/ZP/AIivcLn/AFq/ 9c0/9BFIIRtBeVIyeQGznHrwDW0MZVhHlXQh0Yt3Z4kPhFr/APz+ab/39k/+Ipw+EmvD/l703/v5 J/8AEV7Z5Mf/AD8xfk3/AMTR5Mf/AD8xfk3/AMTVfXqwvYQPFR8JteH/AC96b/38f/4inD4Ua7/z 96d/38f/AOIr2jyY/wDn5i/Jv/iaPJj/AOfmL8m/+Jo+vVg9hA8ZHwp13/n707/v4/8A8RTh8K9c /wCfvTv+/j//ABFeyeTH/wA/MX5N/wDE1Wnnt7e5gt2uYzLOGMagMN23GRkgc4OcdcA+ho+vVg9h A8mHwt1wf8vWn/8Afx//AIinD4Xa2P8Al60//v4//wARXrVFL69WH7CB5OPhhrQ/5etP/wC/j/8A xFOHwy1of8vVh/38f/4ivVqKPr1UPYQPKh8NNZH/AC82H/fx/wD4inD4a6yP+Xmw/wC/j/8AxNep 0UfXaovYQPLh8N9YH/LzY/8Afx//AImrth4L8R6Z9p+yX1jH9pga2m5J3RtjcOU46Dkc16JRSeNq vcfsIHmQ+HWrj/l5sf8Avt//AImnD4eat/z8WX/fb/8AxNel0U/rtUXsIHAaj4P8Q6tfy319e2Ut zLje+SucAAcBAOgFVx4A1Uf8vFl/323/AMTXo9FJYyqtEP2EDzoeAdVH/LxZ/wDfbf8AxNOHgPVB /wAt7P8A77b/AOJr0Oij67VF9XgefDwLqn/Pez/77b/4mlHgbUx/y3tP++2/+Jr0Cij67VD6vA4E eCNSH/Le0/77b/4mnDwVqQ/5b2n/AH23/wATXeUUfXKoewgcKPBeoj/lta/99t/8TTh4N1Ef8trX /vpv/ia7iij65VD6vA4keD9QH/La1/76b/4mnDwjqA/5bW3/AH03/wATXaUUfXKofV4HGjwlfj/l tbf99N/hTh4Uvh/y1tv++m/wrsKKPrlUPq8DkR4Wvh/y1t/++m/wpw8L3v8Az1t/++m/wrrKKX1y qH1eByo8M3o/5a2//fR/wpw8N3g/5awf99H/AArqKKPrlUPq8DmR4du/+ekH/fR/wpR4eu/+ekH/ AH0f8K6Wij63VD6vA5waBdf89If++j/hThoV0P8AlpD+Z/wroaKPrdQPq8DAGh3I/jh/M/4U4aLc j+OL8z/hW7RR9bqB9XgYg0e4H8cX5n/CnDSbgfxx/mf8K2aKPrdQPq8DIGlTj+OP8z/hThpkw/ij /M/4Vq0UvrdQPq8DLGnTD+JPzP8AhThp8o/iT8z/AIVpUUfWqgfV4GeLGX+8n5mnCzkH8S/nV6ij 61UD6vApi1cd1/OnC2cd1q1RR9aqB9XgUbqynuLZoYr2a1343PAVDEZzjJU45A6c8fWs7/hHLn/o YNW/7/J/8RW/RUSrSk7tItUklZGLY6AbPUhfSahd3UojMQ+0OrYUkE4wo7qK6H4ef8iTZ/8AXW4/ 9HyVBU/w8/5Emz/663H/AKPkpc7kPlSOoooooAKKKKACiiigAooooA5a5/1q/wDXNP8A0EUXP+tX /rmn/oIouf8AWr/1zT/0EUXP+tX/AK5p/wCgisyjjNS1WeGfV7yfV7yxttOuVgRLeyFxER5EcxeU BGfbl2BIZBgDkHk3brxlpNn4hXRpZMXHmRws3mRjbI+Ni7CwkbO5OVUqN3JGGw/VPC1vqgv42v76 3ttQUi6gt3VVlbYE37ipYHaqDAYKdvIILZtNoqf2nJeRXt5Ck0izT20TqI5pFVVDMdu8cIgIDBSF 5By2QDLTx1ph0xNQngvLW3ltlubdrlFTzlLIpxlvlw8ka5fap3bgSuWqfSfGFhrV1bW9lFNI83nb yjxOkPliMncyuVbPmx42Fvvc4wcPbwnYNZ6dbebcgadaC1t3DLuXDROrnjBYNBGRxt65BBxTz4Zt Z9xvrq8vme2ntpTPIB5iS+XuGECheIlA2BR1JySTQBmWnjK21rUdMg06TYTe+XdReZDNmM287r80 bOoy0XTcG+XkYIzo6v8A8jL4e/66z/8AolqS38MRx6tHqdzqd9e3UbIytP5SgBUmQDCRrxidz65x zxil1f8A5GXw9/11n/8ARLUAblFFFAwooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKn+H n/Ik2f8A11uP/R8lQVP8PP8AkSbP/rrcf+j5KqJLOooooqhBRRRQAUUUUAFFFFAHLXP+tX/rmn/o Iouf9av/AFzT/wBBFFz/AK1f+uaf+gii5/1q/wDXNP8A0EVmUQ0VV1K/i0vS7vUJ1dobWB53VACx VVLHGcc4FQ2l7eKj/wBr2ttZEMio8d15kbljtCgsqHduwMbcHcuCSSADNCis+817R9OfZfatY2rb im2e5RDuAViOT1wyn6MPUU/+2NM/tP8Asz+0bP8AtD/n189fN+7u+5nPTnp05oAu1C9rDJd2108Y aa2LNEx5CllKnjoeCetVTr2jql27atYhbNglyxuUxAxO0B+flOQRz3qrL4ktf+Ee1bVrVfO/s37S ssJcA74dwKnGduduRnnDA45oEdB9pk/uxf8Afpf8KPtMn92L/v0v+FZ9xqVhaQTz3N7bQw27BJpJ JVVYmIBAYk8Ehl6/3h60LqVg6K63tsyssbqwlUgrIdsZHPRjwvqelAGh9pk/uxf9+l/wo+0yf3Yv +/S/4Vn3WpWFlPbwXd7bW81y2yCOWVUaVsgYUE/MckdPUUNqVgiM7XtsqqsjsxlUALGdshPPRTw3 oetAGh9pk/uxf9+l/wAKPtMn92L/AL9L/hXPy+KNMjuLU/bbM6fPbTT/AG77SvlL5ckUeN3Q5MuM 54Ix340H1Kwi1CLT5L22S9lXfHbNKokdeeQuckfKfyPpQBofaZP7sX/fpf8ACj7TJ/di/wC/S/4V mRaxpk0c8kWo2ciW8azTMk6kRoy7lZjnhSvIJ4I5qH/hJNC+w/bf7a077J5nk+f9qTy9+M7d2cbs c464oA2ftMn92L/v0v8AhR9pk/uxf9+l/wAKp3d5a2Fq91eXMNtbpjfLM4RFycDJPA5IH41AdY0x fIzqNmPP8vyczr+88zPl7eed21sY64OOlAGn9pk/uxf9+l/wo+0yf3Yv+/S/4VmPrGmR3VxavqNm txbRmaeIzqHiQAEswzlVwQcnjkUf2xpn2f7R/aNn5H/PTz12/wCr8zrnH+r+f/d56c0Aaf2mT+7F /wB+l/wo+0yf3Yv+/S/4VhHxPo7CyeDULa4hu7v7Gk0EyOiy7GcKWB4JC4A65ZeOanttZsJXs7eS /sRe3UCzR28VyrmRSCdydC68HDY5AzQBrfaZP7sX/fpf8KPtMn92L/v0v+FZ9pqVhfu6Wd7bXDRq jusMquVVxuQnB4DDkeo6UNqVgiM7XtsqqsjsxlUALGdshPPRTw3oetAGh9pk/uxf9+l/wo+0yf3Y v+/S/wCFczceK7W3uns8QyXaSQDZHOCCkt0bfcDjO5CMsMYBIXJ61rWupWF8kT2l7bXCzKzxNFKr h1UhWK4PIBIBx0JFAGh9pk/uxf8Afpf8KPtMn92L/v0v+FQ0UDJvtMn92L/v0v8AhR9pk/uxf9+l /wAKhrIvNWvE1SSxsNPS6aCBLi433HltsdnCiMbSGb92/DFB935uSQCN37TJ/di/79L/AIUfaZP7 sX/fpf8ACqbXlqvmbrmEeXIsL5cfK7bdqn0Y71wOp3D1FUovEmhTWs91FrWnSW9vt86VLpCke44X cc4GTwM9aANn7TJ/di/79L/hR9pk/uxf9+l/wrJfXtHi0+LUJNWsUspW2R3LXKCN254DZwT8p/I+ lMu/EOmWd/BZSXcJuJblLYosi5id0Z0DjOV3BCB3JIxQBs/aZP7sX/fpf8KPtMn92L/v0v8AhWF4 i8RWHhzS57u7uLZJlgkkgt5Z1ja4ZFztXPUk4HAPUVJf+IdMsI9Q33cMtxYWz3M9rFIrTKiruJ2Z yOCMZwOR60AbP2mT+7F/36X/AAo+0yf3Yv8Av0v+FZiaxpkl1b2qajZtcXMYmgiE6l5UIJDKM5Zc AnI44NE+p2tpdSR3d1ZwIkauDJcBX6SE5U4wu2NiDnna/A25IBp/aZP7sX/fpf8ACj7TJ/di/wC/ S/4VjL4h0xr6W1+1wjy7JL/zTIvltAxYbwc8qNmSegDLzzT317R4tPi1CTVrFLKVtkdy1ygjdueA 2cE/KfyPpQBrfaZP7sX/AH6X/Cj7TJ/di/79L/hXP33ijTLSzmuor2zuUt4zNNHFcqZNnkvKuxf4 mZUyASAVy2eOdCHUrC4EZgvbaUSMEQpKrbmKeYAMHklPm/3eelAGh9pk/uxf9+l/wo+0yf3Yv+/S /wCFU/tlr53k/aYfN8zydm8Z37N+3H97Z82OuOelYOpeMbDTorhlktrhhaT3dsIblSJliijkKk/w sRICAA3yDd3xQB1X2mT+7F/36X/Cj7TJ/di/79L/AIVnxalYTuUhvbaRhO1uVSVSRKoLNHwfvAAk jqADVqgCb7TJ/di/79L/AIUfaZP7sX/fpf8ACoaKBk32mT+7F/36X/Cj7TJ/di/79L/hUNFAE32m T+7F/wB+l/wo+0yf3Yv+/S/4VDRQBN9pk/uxf9+l/wAKr317NDp9zLGIg6RMynyU4IBx2p1VdT/5 BV5/1wf/ANBNAiHQpHm8PaZLK7PI9pEzOxyWJQZJPc1r/Dz/AJEmz/663H/o+Ssbw9/yLOlf9ecP /oArZ+Hn/Ik2f/XW4/8AR8lVETOooooqhBRRRQAUUUUAFFFFAHLXP+tX/rmn/oIqC/ijm1CxSWKO VOuyRQyki3cjIPHUVPc/61f+uaf+gio7r/kJ2P0P/pM9QiiCSEJBILOK1tpmUhWW3ULuxwWC7dwB 7ZH1FcvD4YultLvyrTTtN3yWs0NjZuTAXgl83cW2LhnwqEhCQEU/N90dbWPf3+orq5srI6dHHHZP eTTX0rRpGiMAxLAHA5B59DzSQGBFp3iKx8W/2gLSxuZrtbmRgJ5IoolKWaBS/ltlsxNjgbgC3y/d DNH8O6nbLcaN5cP9n297ZP8AbZGZZJPIhtj8kW0gqxi2538EtwduDof8JI//AEM/gX/wcf8A1qsQ 6rf3Fnc3kOueDJLW12/aJk1RikW44XcwXC5PAz1qrMVzNTwrqbQaTbyvZomkRwW8LpKzG4RJ7eRn YbR5bbbfhQWGX+8MZOpNoV0/hXW9HSSEvefbPIkJIH78u43DHGGkK8ZyFB77RV/4SR/+hn8C/wDg 4/8ArVYsdVv9TvI7Ow1zwZd3UmdkMGqNI7YBJwoXJwAT+FKzHdFe/wDDN3JaQWtu6SQWV2bq2Bup LeSTesiujyxgsCDIW8zln6MM5dqVl4ekGrxWaI8UCrHNqDbZXXzI7g3EKRyynMhLSyb3+bOzGIyw Aq/8LGg/6DGg/wDfF7/8Zo/4WNB/0GNB/wC+L3/4zWvsKv8AK/uI9pDua/iHwvPquqTXEYSWG6tE tJUe+ngWNVaQ7ikRHnAiU/IxX7uM/McQTeE79r25u1lti00/2hYWZvLiaO5jljWPj92JQmZTzl8M AcYrP/4WNB/0GNB/74vf/jNamgeI77xPfPZaPfaDc3CRGVkzdJhAQCctEB1YfnSdGoldxY+eL6l2 20a6m8Q2msX9rp0csUdwCkGXKu/kqrbyo3NsiYFsKQGC4IBJxYvCWsx2uj2sk0MyWf2HLi/mjSIQ GMughVdkuSjMHfB+cDjaK7D+yPGf/PPQf/Aib/4ij+yPGf8Azz0H/wACJv8A4is7Mq6OPuPDE2ma DoYUQr/ZNkiSR28Mj+bOJ7aXhUQttZoWy20kbt2DzUFtouq6zd3GuPZ+TLJcy7Lb7fc2e5Gitk37 1jWThrcjYyAHOegUt2/9keM/+eeg/wDgRN/8RR/ZHjP/AJ56D/4ETf8AxFOzFcxdS8NyS6Ho9lal N2lsjJGlxLarIFiaLAkUs6DD56sTt2k8k1nr4MmWw1hFSzS4vtJazhYySSGN3ed3BkfLspMqZbqx UnavArqv7I8Z/wDPPQf/AAIm/wDiKP7I8Z/889B/8CJv/iKVmO6OcvfDup3GkalpCR6cbeb7bJBc ysxkDz+aQNu3EeDMQXDMSoPyjd8udr+kXGqR+JZLaK5NskE08SG3ZZJrw20luypnBaMRhCMKdzPw 2AVrtP7I8Z/889B/8CJv/iKP7I8Z/wDPPQf/AAIm/wDiKdmFzCGiand67Brd2tnBcQyQgW0U7SIy Is6Ft5RSGxcsQNuP3YGfmytLS/Cup2Gm22mO9m1uZLK4nnErb0e3SBSiptwysbcfMWUjeflO3nqv 7I8Z/wDPPQf/AAIm/wDiKP7I8Z/889B/8CJv/iKVmFzF0Lw5LpCaAmLZV0/S5LSZYsgNK5hYsvAy CY3JJwckepqleeC5blL9BeOqzzuka+aQBbzF2uAfl+8TNIR2Jit92dpz0kml+MYonkaPQsKCxxPN 2/4BVc2/i9WKtDoQI4IN2/H6UWYGA3g26kF3HKbOaC8uY5Jo5MkbEv5LnbjaQ26OVgQcAFQOQ2R0 On2V1Z6rqkrCFre9ufPVg53riGGMArjHJRznPHy9cnFO8u/Eemi3e8j0cRTXEduDDO8jZdgM4wOm c8kdK6OdBFcSRrnCsVGfY0mBUeC3SW1aO0tI2F3Bho7dFYfvV6EDNT1HL/rLX/r7g/8ARq1JQBWt ra1NojtZ2ju8kxZ5LdGYnznHJIz0ArI8SaNdaxtjitdOk/dskN3PlZ7Fz/y1iO1tzD5SAChBQfNz 8u5a/wDHjF/vzf8Ao6SpKGBzF/oWpzX1ytrJZi0utRtdQleUt5g8owgxqoGOkO4OT1O3aPvjn4tI 12TwvoFxLp8MdxYW1lBDbLK7PJm4tXYy/uwYtoh5AD4y393n0eii4HKxaNrFtqz65HFYyXs7SiS0 a5dY0V0t1yJfLJYj7MDjYP8AWHn5fmZpPhK60mKzRbiGb7HewzITlfMRbJLVs9drfecDkHAGRkkd bRRcDmPEeiane/2r/Zq2cn9p6cLCT7TO0Xk483Djajb8+cePlxt6nPGfrHhDVNZvpFnuU8h2uc3T XkzEJJBLGqi2x5YKeYo3BgWCEnljXb0UXA5LU9B1nUtSt55DCUFza3BA1GZEtxG8bvGIlTZNyjEO +0/OBgbRVnUPDkt94ttNUcWz2sLW7mOTJbdGl0AQMYyGnjI5/hJ4wM9JRQBxb+Dr1otQXzoT9rkE oCyvGQY72W5jXcoyNwlKlhyhXID54hezuvDN1b6kln5t3L56vbpJeXYw4gG5pxHIxYeQoAKKMNgf cJbuqKLgefWfgfUZvC9vp11LDbO+0y87zGDpv2UjA4LB+cA4IHXtWvp1hcXviWe8ljeG2hnS6ZTG w3XnktbuqM4UtEsYUhgvzM2Q2AVrqqKLgcxf+GbqbU7+/tLrZK225tFaQhRdBUUlwB9zZDGnHzbZ Zx0YYzH8C3Vva39tZTwtFNZT2EAncghHtbeJXYhfvB7YZAGMPnORtPdUUXAyLbTJbLXpLm2itksp LS3tVjVihiWIzn5VC4x+8QAZHG70AOmbe1YktZWbMeSzW0ZJ9ySOakooAj+zWn/PhY/+Akf/AMTR 9mtP+fCx/wDASP8A+JqSii7Aj+zWn/PhY/8AgJH/APE0fZrT/nwsf/ASP/4mpKKLsCP7Naf8+Fj/ AOAkf/xNH2a0/wCfCx/8BI//AImpKKLsCP7Naf8APhY/+Akf/wATVW5/5Fpf+wcn/okVeqjc/wDI tL/2Dk/9EimBH4e/5FnSv+vOH/0AVs/Dz/kSbP8A663H/o+Ssbw9/wAizpX/AF5w/wDoArZ+Hn/I k2f/AF1uP/R8lOImdRRRRVCCiiigAooooAKKKKAOWuf9av8A1zT/ANBFR3X/ACE7H6H/ANJnqS5/ 1q/9c0/9BFR3X/ITsfof/SZ6gobXK+JP9Z4i/wCxTv8A/wBlrqqxZtM/tvxNf6T53k/bvD11bebt 3bN7ou7GRnGc4yKI7gziLPWvDdloGmaBbfD2x1DxVPp9idPWXTo2S9823V2nZyo+VGDhuedv3h8x SxpGipY6t4w0a9tbFtt34Ziu4YIFWCRzJF5uEChdrMWONoznpXWWXw98a6db2UFr8Ro0Sytxa2xO gW7NHFhRsDFicfImeedoz0qxp3w41e1OuXd74pjv9U1S4sLj7VJpojVGtZA6gxpIAwIULwV6Z5qy SvJr9jpuqQ6bol9rOnwTp81rNZeYY15ybe1lIuQQFAXZG8CgH5OHKljJot/4k0C8s4bubUINYkt5 76/IkncGzuSV3AnyhuG4wYjKE8xpuGdiPwdqUOlzaXE3hFNPmffLaL4cYRO3HLJ9pwT8q8kdh6VY tfC2pLq2k3d1e6MINOcFIrDSWt2ZVhliRNxmcBFEzkDHHbGTQB85eFINM1C+i0y8s4ZJbmUIJJJZ RIQSqhIAmFEpy2DKSmQudoB3XrvT9MuLldIh02G2lTSI74XkckrSPILMXDh1ZypVvmHyhSCVOSAV bYsPh98StMgaG10lFXdvQvLau0T4A3xszExtwvzIQflXn5Rh934E+Jl7YrZzaRD5QijhLRtaRyPG gARXkUhnUbV4YkZVT1Ar2nUjzXUl95x8rtt+BS8QWfhjT/Ec9l5ejx29vfSxbLY3xlXbvCCYv8pT cE3+X82M7K7D4TW0cXjmWaHT7O3ik02YJNYXDy28wEsJGA7MyOM5KsQQGTKKfvYd14O+KN5dC6l0 azFx5plaWOOxjeQsCGDlcF1YMwZWyGzyDXYfDTw34w0zxXNeeIdPhtLMWMkUS24t44xIzxkny4cD cQnLYyQoBPArCrJeza5k9O5UU+bb8D1miiivMOoKKKKACiiigAooooAKKKKAIbv/AI85/wDrm38q 8y8e+KdR8P3Ii0jw/fatdSTbnENvI0ccYbnLqD8xAIA7dT2Del35caddGJVaQRPtVm2gnBwCcHA9 8GuFlj8YPM7PBoKuWJYfa3GD+VSxozNWvl1LSNFvFgubcS6jbN5VzEYpEO/kMp6EH8D1BIwa6y7/ AOPyf/ro3864/WotdUacdSXSlgGo22Ps1wzuW8wdtv19P6V2F3/x+T/9dG/nSYyrL/rLX/r7g/8A Rq1JUcv+stf+vuD/ANGrUlLoBHa/8eMX+/N/6OkqSo7X/jxi/wB+b/0dJUlDAKoajq0Wmy28TW91 PLcFljjtojIzEDJ4HPTJ/Cr9Z7f8jt4Z/wCutx/6IehbgyJNakd1X+w9bXccZewdVH1J4A9zxWpd PHZLM9xLHHHAGMkjthVC9SSeg4611V3/AMec/wD1zb+VcF47/wCRV8S/9eV1/wCgNTaBM0XmiieJ JJERpW2RqzAF2wWwPU4Un6A+lVdP1jTNW8z+zdRs7zyseZ9mnWTZnOM7ScZwfyrklttTTxJ4ejvp pmg069ks4WZmJus207ea5PDsIxENwx85nGMYo8M3lrqWl+DU025huLixtkF6YHDGGI2zKUkI6Zk8 r5DySmcHYSFYDqrDXtH1SdoNP1axu5lXeY7e5SRguQM4BPGSPzrQrjvCUwtJ7LR7PWn1a1gsCs++ NFa0kjMaohVVDRlgZPlky37vr8rZ7GgAooooGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUbn/kW l/7Byf8AokVeqjc/8i0v/YOT/wBEihCI/D3/ACLOlf8AXnD/AOgCtn4ef8iTZ/8AXW4/9HyVjeHv +RZ0r/rzh/8AQBWz8PP+RJs/+utx/wCj5KqImdRRRRVCCiiigAooooAKKKKAOWuf9av/AFzT/wBB FR3X/ITsfof/AEmepLn/AFq/9c0/9BFR3X/ITsfof/SZ6gobXM65PNa3uu3FvLJDPF4WvXjkjYqy MCpBBHIIPOa6aud1WxuNT1XWbCzj8y6uvDF5DCm4Dc7MoUZPAySOtEdwYzw18PZtZ8K6Rqlx468a rPe2UNxIserkKGdAxAypOMn1NY9vbalZal438NjxP4gmggvdEt4Lua/ZriFZ5U8wo/RSQ5HA6AZz W5oWtfEPRPD2maT/AMK2877DaRW3m/27brv2IF3YwcZxnGTVPT9G8W3WpeK9d1HwzJZT6he6PcQW Ud7BMzrbSqZAH3KudqZ+bb1xVkmhJpP9japDos+oXer3lwmbRB4ourW6I5w0sRmwyAIxaWPnOdsO AaNO0yWy8U6HfxeJ7u6L6nNYXWn2+qTXNrCRazyFH813ZpVZV+Y7BgA+WpqvH4Uij0uaxHhXxPsk fcQr6WkXb71ssgt3PH3niZunPyrt0NK0O5g13Q2ttA1m0gtrgPcT389oyqiW1xGoURyMygtMMRqB GvO1Uy2QDqPFPiWHwvpsd5NbyThncbUIGFSKSaQ89/LifA7ttBKglhl+IfG/9ieIW0nOhw7bSK58 3VdX+x797yLtQeU+7Hl5JyPvCtTUvDMGr6yt/e3V3shtxDbx2tzLbNEWYmUl4nUsHxF8p4HlAjqa y7HwnrGi3XmaRrVjHCLSOySK7055vLhilmaFQVmT7qTBMnJbYGJyTQBcs/Ed9f6zdWttp1o9vaXH kXCfbsXkQ3FRI0BTARsF1Jky0fzAEkLWpqdzqkPlJpWnQXcjZLtc3XkRoBjjIR2LHPAC4wGyQcBs u88OX1/rNrdXOo2j29pcefbv9hxeRDcGMazh8BGwEYCPLR/KSSS1R6n4VupdOi0/StU8mzMpku4t TE9/9pGABGWeYMI+MlAcN0PylgwBT074gQ65rdnY6UmmlJ7e3ndL3URBdDzU80qkARi5WIoxO4KS 2AflbFzwn4wTxXultksWtWiWZGtdQWeSENyqXEeAYpCP4QXGUcFhgbrF3oeqajLbx3urwSWKy29z NClntfzYWRx5b7/kjLxqSrK7csN/K7Y9B8LzaRcWLT38dxBplk2n2CJbmNlhJjz5rF2Ej4hj5UIP vfLyNoB0lFFFABRRRQAUUUUAFFFFAEN3/wAec/8A1zb+Vc5d/wDH5P8A9dG/nXR3f/HnP/1zb+Vc 5d/8fk//AF0b+dTIaOd8T/6jTP8AsJ23/oYrorv/AI/J/wDro38653xP/qNM/wCwnbf+hiuiu/8A j8n/AOujfzqegyrL/rLX/r7g/wDRq1JUcv8ArLX/AK+4P/Rq1JR0Ajtf+PGL/fm/9HSVJUdr/wAe MX+/N/6OkqShgFORvLfeEjLYwCyBiB7ZHHQflTaKBk32mT+7F/36X/CondndnY5Zjkn3pKKACmTR LPBJC5cLIpUlHKMARjhgQQfcHIp9FAGfYaNa6dO00Et87FdpFxfzzrjIP3ZHIB464z+daFFFABRR RQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAVRuf+RaX/ALByf+iRV6qNz/yLS/8AYOT/ANEihCI/ D3/Is6V/15w/+gCtn4ef8iTZ/wDXW4/9HyVjeHv+RZ0r/rzh/wDQBWz8PP8AkSbP/rrcf+j5KqIm dRRRRVCCiiigAooooAKKKKAOWuf9av8A1zT/ANBFR3X/ACE7H6H/ANJnqS5/1q/9c0/9BFR3X/IT sfof/SZ6gobWDfalNo2u6pqlusbT2Xhu7uI1kBKlkZWAOCDjI9RW9XK+JP8AWeIv+xTv/wD2WiO4 Mu6TqXxZ1nRrHVLdfBSwXtvHcRrILoMFdQwBwSM4Pqar23jXxsp8UaXeweH/AO2tLuNNt7ZoUm+z s11IFy+W3EAMOgGDnrUfhP4v+BNM8G6HYXmu+XdWun28MyfZJztdY1DDITBwQelYdh4j0jWfEfjr XrK+jbS21Pw8/wBpkBiUKk6Bid4BABU8nHSrJO0/4SDxPZfutc1PStLuuiq+iTSx3DdAIZEuSJGY g7Y8CVgM+WKksNc8ZL4i0dNRi03+xb+4e2DtZyW10zCCWVXWMzSBUIjH39rg5BRetc3/AGtLJ/p0 nxH0MX0fyxx/28hyvruWNIB1PD2sjcffGVMdzSNQhl8SeH7c+KtN1meXUzceXa6gLhoz9juhJkEk 4yUG5dkZyNsUXO4A7zUPFGk6XqJsbuadJliWeRltJXjhjYsA8kiqUjXKPyxAAUk8DNDeJ9NXWJNL UX0l1FKkMhh0+4kjjdlVgGkVCg+V1Jy3APOKz7r+1rDxlfXlpok99Deafa28cyzxRxxyRyXBPmbm 3hcSocqjnGcAkYPP+HfC1x4e1U2k+ma5dxxy2iQX9pqIgtmSO1t4i8kAuFz80bEgo2RgfMMCgDsL HxRpOo3kdtbzTlpc+RLJaSxwz4BP7qVlCSZUFhsY5UFhkAmtiuP0S11az1iCC20y+07Tl3C6guLq Ke0A2kD7KQxlX5ggVSEjEYb5FYgV2FABRRRQAUUUUAFFFFABRRRQAUUUUAQXiu9jcJG6o7RsFZl3 BTjgkZGR+I+oriH0LxG7s7+JYNxOWP8AZoHPf+P6/l2w23urhiltKw6qhPX2rHeZY3ZDJEGU4xlu CPovsOnpx0XamNHLXHhbV7hoGvddimit50uPLWw2ElGDYzv46EdPw4O3cu/+Pyf/AK6N/OotY1mL TraE7VmNxcR2yqhI27225OVxwMfl242y3f8Ax+T/APXRv51LGirL/rLX/r7g/wDRq1JUcv8ArLX/ AK+4P/Rq1JS6AR2v/HjF/vzf+jpKkqO1/wCPGL/fm/8AR0lSUMAqhqOrRabLbxNb3U8twWWOO2iM jMQMngc9Mn8Kv1h6zHfTa7o8WlzRwag6Xi2ssgyqSm2k2MeDwGweh+hoW4MnTWpHdV/sPW13HGXs HVR9SeAPc8VryIYpXjbGVJU49q57QbHxj4n1ePxH4tj/ALIt9KjlitNJgbIln8to5J3POV5cIMng gg4y0mx4jtoL2w1a0ujMLeeKaOUwKWk2sCDtABJbB4AB57Gm1YEyG21jTL21N1aajZz24kEJlinV k3kgBcg43EsoA68j1q0JomneASIZkVXaMMNyqSQCR2BKtj6H0rhL3UZdT0+68i70u9mW70wJqllA fKZjdriJgJG3FD8xG8cSjhc5JqE2q2usataS3CXOo31pZW0P2CI277C9yZNheQgSLGsrKxYDIXjs VYDuPtlr9h+2/aYfsnl+d5+8eXsxndu6bcc56YqavPtRihuPBPifTL/TPK+wW011ZW12scjwRPG5 jYFSyLtcTIgU5VEUcdT6DQAUUUUDCiiigAooooAKKKKACiiigAooooAKKKKACqNz/wAi0v8A2Dk/ 9Eir1Ubn/kWl/wCwcn/okUIRH4e/5FnSv+vOH/0AVs/Dz/kSbP8A663H/o+Ssbw9/wAizpX/AF5w /wDoArZ+Hn/Ik2f/AF1uP/R8lVETOooooqhBRRRQAUUUUAFFFFAHLXP+tX/rmn/oIqO6/wCQnY/Q /wDpM9SXP+tX/rmn/oIqO6/5Cdj9D/6TPUFDayRqUOjeLrvVLhZGgstAuLiRYwCxVJEYgZIGcD1F a1Zl9oX9pvqTNeRwLeaTPpo3IzFfN/j4HOMDjPPt3FuDGwfFuG6t4ri38EeNZoJUDxyR6SGV1IyC CHwQRzmrFp8VdNurDWbg6F4ggn0l7ZJ7Ka0Vbh2nfbGEj35JJwcHHBGM1taE8eieHtM0nz4pvsNp Fbeb8y79iBd2NpxnGcZNYDeG428Q69q39pRD+1rvTbnyvKb919kdW25x82/bjOBjPequhWNXTfG0 ur27T2HhbWZ0RzHIFmsg0TgAlHU3GUcZGVYAjuBUen/EK1vvEdvoh0XVYJppZIPtDeRLBHKiO7RP JFK4WQBG+Q/MOCQAc0mradbaxrkF5cLpjWqxeVOhhmE8y/MfLaVWUNCSQTE6MrYORyMPEDNLpZe4 0+ODS71p7WG1t3iVYfIkhSIjkZUSZ3DAO0AKKLoLHXUVyuoWen6zqJl1eOz1CxWJVgsbmMvHHJlt 8mCpDMQUUEjKhWwfnbMGqWH2660iSDU2t49N2lEaSWVnIlhbcXPO4xxyxFjklZ3ySCQxdBY7GiuK udE02/8AEFzqV/Fp92kyAxmaFzc2rgKB5M4AMaDaWCqAQ7MwYZxUlpomiWfi268QxWGmJdTxIqlL fa6SBpTJIH2Z3OJQCep2ck9i6Cx2NFZv9rR+sX/fTf8AxNH9rR+sX/fTf/E0XQWNKis3+1o/WL/v pv8A4mj+1o/WL/vpv/iaLoLGlRWb/a0frF/303/xNH9rR+sX/fTf/E0XQWNKis3+1o/WL/vpv/ia P7Wj9Yv++m/+JougsaVFZv8Aa0frF/303/xNH9rR+sX/AH03/wATRdBYuXf/AB5z/wDXNv5V5l49 sPF1xcifwprCW0gm8ua3mijKMpb/AFgZlJBGeR3A45GG7y61LzrSaKKSBJHRlV23sFJHBI2jI9sj 61yT6Vr7uzt4qsyzHJP9nHr+dJgjO1a3ubXSNFgvL1725TUbYSXDxqhkbfydqgAD0HpjJJ5PWXf/ AB+T/wDXRv51z0vh3U7uW2+2+I7SaKC4jn2LYshJRgcZzx0xW/cOr3Mrqcqzkg+2aTGV5f8AWWv/ AF9wf+jVqSo5f9Za/wDX3B/6NWpKXQCO1/48Yv8Afm/9HSVJUdr/AMeMX+/N/wCjpKkoYBTkby33 hIy2MAsgYge2Rx0H5U2igZN9pk/uxf8Afpf8Kid2d2djlmOSfekooAKKKKAKWoaXb6l5fnyXieXn H2a8lgznHXy2XPTvnH41PaWsdlapbxNMyJnBmmeV+TnlnJY9e5qaigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKo3P/ItL/wBg5P8A0SKvVRuf+RaX/sHJ/wCiRQhEfh7/AJFnSv8Arzh/9AFb Pw8/5Emz/wCutx/6PkrG8Pf8izpX/XnD/wCgCtn4ef8AIk2f/XW4/wDR8lVETOooooqhBRRRQAUU UUAFFFFAHLXP+tX/AK5p/wCgimXkTPcwuswiaNFIJi3g5i2kY3L2Y9+1Puf9av8A1zT/ANBFFz/r V/65p/6CKzKKvkzf8/0f/gGf/jtHkzf8/wBH/wCAZ/8AjtSUUXAj8mb/AJ/o/wDwDP8A8do8mb/n +j/8Az/8dqSii4Efkzf8/wBH/wCAZ/8AjtHkzf8AP9H/AOAZ/wDjtSUUXAj8mb/n+j/8Az/8do8m b/n+j/8AAM//AB2pKKLgR+TN/wA/0f8A4Bn/AOO0eTN/z/R/+AZ/+O1JRRcCPyZv+f6P/wAAz/8A HaPJm/5/o/8AwDP/AMdqSii4Efkzf8/0f/gGf/jtHkzf8/0f/gGf/jtSUUXAj8mb/n+j/wDAM/8A x2jyZv8An+j/APAM/wDx2pKKLgR+TN/z/R/+AZ/+O0eTN/z/AEf/AIBn/wCO1JRRcCPyZv8An+j/ APAM/wDx2jyZv+f6P/wDP/x2pKKLgR+TN/z/AEf/AIBn/wCO0eTN/wA/0f8A4Bn/AOO1JRRcCPyZ v+f6P/wDP/x2jyZv+f6P/wAAz/8AHakoouBGsDGaFpb0MkcqSFVtNpO1g2M+YcdPSpKKKAIkglSM It6iqCxANoWI3MWIz5gzyx7Cl8mb/n+j/wDAM/8Ax2pKKLgR+TN/z/R/+AZ/+O0eTN/z/R/+AZ/+ O1JRRcCPyZv+f6P/AMAz/wDHaPJm/wCf6P8A8Az/APHakoouBH5M3/P9H/4Bn/47R5M3/P8AR/8A gGf/AI7UlFFwI/Jm/wCf6P8A8Az/APHaPJm/5/o//AM//HakoouBH5M3/P8AR/8AgGf/AI7R5M3/ AD/R/wDgGf8A47UlFFwI/Jm/5/o//AM//HaPJm/5/o//AADP/wAdqSii4Efkzf8AP9H/AOAZ/wDj tHkzf8/0f/gGf/jtSUUXAj8mb/n+j/8AAM//AB2jyZv+f6P/AMAz/wDHakoouBH5M3/P9H/4Bn/4 7R5M3/P9H/4Bn/47UlFFwI/Jm/5/o/8AwDP/AMdo8mb/AJ/o/wDwDP8A8dqSii4Efkzf8/0f/gGf /jtHkzf8/wBH/wCAZ/8AjtSUUXAj8mb/AJ/o/wDwDP8A8dqDUEWLRJoUYssVn5YYjBO2PbnGTjpV uqup/wDIKvP+uD/+gmgCv4e/5FnSv+vOH/0AVs/Dz/kSbP8A663H/o+Ssbw9/wAizpX/AF5w/wDo ArZ+Hn/Ik2f/AF1uP/R8lVETOooooqhBRRRQAUUUUAFFFFAHLXP+tX/rmn/oIqK+eQXNvHEsbPKq r+8cqoAiLEkgE9F9Kluf9av/AFzT/wBBFR3X/ITsfof/AEmesyjO1aKaTRNQjlvoLHfbSKLuKVj5 GVP7wkhMbevXt1Fc7b3K6B9ptrfR7HTroT2PmQ2che3aOe48rcBtTEmA+Tt7JktjA7GqVto+mWdj LZWunWcFpNnzYIoFWN8jB3KBg5Awc9qAOfXX9T1LxNc6Tpl1p0cUEk6+dJA0+fKS1JX5ZF+YPO4P ptAxnNQad4q1PULcarss49PNzZQfZPKYy/6RHbnPm7sfKbjps5C44zkbVz4S0K7uraafS7ORLeN4 0ga3QxfMIxu2kfeCxIoPYcemJ4PD2mQazc6v9khk1CeQSfaJI1Mkf7tY9qNjIXC9M9Wb1oA5t/FO sCx02dfsIbV4Ibi2BgfFsrz28ZV/n/enFwORs5Tp83GvomoPbaDqWoand7re3vb595ViY4Y55Bg8 ktgKcYA4wAOMnTi0fTIZJ5ItOs43uJFmmZIFBkdW3KzHHLBuQTyDzVpIYonleONEaVt8jKoBdsBc n1OFA+gHpQByOneJdZ/ty20nU7JIZpJ03O0SxkxvFcMMKs0gBDW/UtyGI2jAJxbjW7/WpL25t57a e2WewEEQdhHIy6pLGjhwWChljXcQpzwRwMHuIvDehQ2s9rFounR29xt86JLVAkm05XcMYODyM9Ks nTbBihNlbEozOpMS/KxcSEjjgl1Vj/tAHqKAOVufEmvLfto9paw3WoQySiWeGAFGVEgfIiedNv8A x8KM+Y33OnzfK+08Uarch714LGOyju7O2MSOZXc3CQHiQHbhGnzuAYOOMLjceku9H0y/jeO806zu UeQTOs0CuGcLtDEEcttAGeuBip2s7VvM3W0J8yRZnyg+Z127WPqw2Lg9RtHoKAOE0HW9T+z6LZbr N9QvtOsf9PlgZ2+aO6k/eDfmTAhx94fM7N321oaz4n1PTrNpbSO2vprCCSfUFtowybFZ1BDNKvlk mKQEASlSCCDgbukl0fTJ4ZoZdOs5Ip8ecjwKRJ85f5hjn52Zue7E9TTLrQdHvYLeC70mxuIbZdkE ctsjrEuAMKCPlGAOnoKAORh1y/spo94triae7v4beaaNi8CnUIYFUnd8ygybio25CIvGMnRj1vXZ 9dOhxNpwuIvPE128D7DsW2dWWLfnpcbSC/bdn+A9HJpthK8zyWVs7TKySs0SkyKwVWDccghEBz1C r6Ci102wsUiS0sra3WFWSJYolQIrEMwXA4BIBOOpAoAxZNcv73SPDlzp4trWbWGQn7RG0yxK1vJN jAZMnKAZyOvSslfGOrzW9nHb2UM13qMdtcW4iTPlJNHNJsZWkQOyi3ILb0B3Z2jbhu0SztY47eNL aFUtseQoQARYUqNo/h+UkcdiRUEmj6ZLatayadZvbtGkJiaBShRCSi4xjapJIHQZ4oA4W81PV9Qe d5VhV4/7MBs2l+TzxqLpu3IzrHny/mA3kcDJ2c7sWs6xc6s+hxy2Md7A0pku2tnaN1RLdsCLzAVJ +0gZ3n/Vnj5vl6D+zbDZAn2K2226hIV8pcRKCrALxwAUQ8d1X0FMu9H0y/jeO806zuUeQTOs0CuG cLtDEEcttAGeuBii4HHT65f+I9Jtr6MW1rZJf6WJLdo2kkZpHtpsiTcoAHmgY2HO0nIzgdDoep3+ pvJ50tiNjLIVhVmJicNt2ndhlOFZZRww3KURlONC50fTLy+ivbrTrOe7hx5U8sCtImDkbWIyME5G O9Pi02wgcvDZW0bGdrgskSgmVgVaTgfeIJBPUgmgCYrdZO37Ht7bppAfxxGf50bbv/px/wC/8n/x qpKKAI9t3/04/wDf+T/41Rtu/wDpx/7/AMn/AMaq19kuf+feX/vg0fZLn/n3l/74NAFXbd/9OP8A 3/k/+NUbbv8A6cf+/wDJ/wDGqtfZLn/n3l/74NH2S5/595f++DQBV23f/Tj/AN/5P/jVG27/AOnH /v8Ayf8AxqrX2S5/595f++DR9kuf+feX/vg0AVdt3/04/wDf+T/41Rtu/wDpx/7/AMn/AMaq19ku f+feX/vg0fZLn/n3l/74NAFXbd/9OP8A3/k/+NUbbv8A6cf+/wDJ/wDGqtfZLn/n3l/74NH2S5/5 95f++DQBV23f/Tj/AN/5P/jVG27/AOnH/v8Ayf8AxqrX2S5/595f++DULfJMYX+WVVDlDwwU5AOP Q4P5GgCPbd/9OP8A3/k/+NUbbv8A6cf+/wDJ/wDGqkooAj23f/Tj/wB/5P8A41Rtu/8Apx/7/wAn /wAaqSigCPbd/wDTj/3/AJP/AI1Rtu/+nH/v/J/8aqSigCPbd/8ATj/3/k/+NUbbv/px/wC/8n/x qpKKAI9t3/04/wDf+T/41Rtu/wDpx/7/AMn/AMaqSigCPbd/9OP/AH/k/wDjVG27/wCnH/v/ACf/ ABqpKKAI9t3/ANOP/f8Ak/8AjVG27/6cf+/8n/xqpKKAI9t3/wBOP/f+T/41Rtu/+nH/AL/yf/Gq kooAj23f/Tj/AN/5P/jVV75/M0KWXGPNs/Mx6bo92P1q5VG5/wCRaX/sHJ/6JFMCPw9/yLOlf9ec P/oArZ+Hn/Ik2f8A11uP/R8lY3h7/kWdK/684f8A0AVs/Dz/AJEmz/663H/o+SnETOooooqhBRRR QAUUUUAFFFFAHLXP+tX/AK5p/wCgio7r/kJ2P0P/AKTPUlz/AK1f+uaf+gio7r/kJ2P0P/pM9QUN rO1HUbi0u7K0tLB724u2dY41lVDlV3HluOgPftWjVBwf+Ey8OyYOyOS4Z27KPJYZJ7DJA+pFJbgw D+JNw8zwxLEmfmka9hIUdycMTgewJq3qNxBpcF3cXUm23tVd5ZNpOFUEk4GT0HQV1F1dW7WkyrPE SUYABxzxXFeNYZbjw54iggjeWaS0uUSNFLMzFGAAA6kmm0gQthrVlqM7QQ/aY5gu8R3NrLbsyggE qJFXcASM4zjcM4yK0K5XV9BuVtUnOpapfXRnt4Fk3LG8UD3ERmCmBUIBVRknOAvBHOaVjDrzeKJ2 e/uUmM9wDG9lO0Cw/P5JLmUQkY8o4jUSdiR+8NIDp5db0+HUBYvM4m3KjMIXMaO2NqNIBsVjlcKS Cdy4HzDNq1u4L2Fpbd96LJJETgj5kcow59GUj8K5ub7ZZa0otGvvttxPA1zEtp/odyMIks2/DGMi NThDIpzGPlbd89K1tdV0tI720hvri4l1TUA1o8hSMw5uZI1wRtUM4jIkIz84G7aQtAHb0V53o8er PrlrbG51SbTUu4ZWka3vLYZ8q5LBjO7Oy7kgyN2zJUYyTlmnReI1tJXuLzUZJzHF/aMS2s6bT5sf m+W7yMGYR+eB9mUA9Rg+WKLAd6NRs8XrG4RFsm23LP8AKsR2LJyTxjaynPTn2NM0/VbTU/MFuZle PG+OeCSGQA5wdjqG2nBAOMEqR2Nc/odjbzaX4lh+xajPY3VywSG781Jp0NtErAGYh+SGUEkDjqAK gmn1q40bU0sbrUZ4R9n8u6vLIwzjMn+kKI1WJmVYgCNoDEswVtwG0A7SiuBtY7yOC2Gp3OtXGkbp yrW9vdwyh8ReWMK73G3/AI+OXOM9seXRewa20F7J5+qQo9/AszyrLK624tEPyx27qc+efmMJHOc5 UEUWA7sTRNO8AkQzIqu0YYblUkgEjsCVbH0PpT65LwzY3sOtG7v3vJWl06OKGaWN4wypPMcMhZsM EeLHmHzCC2efMA62gYUUUUAFFFFABRRRQBNd/wDH5P8A9dG/nVaWVYU3vuxkKAqliSTgAAcnkirN 3/x+T/8AXRv51Sugxji2mUETxNuiTeygSKSQMHJHXofpR1ETLuZNximjGcDzYmjJ/BgKYkyOAQTg sVBKkAkFgQCep+RvypkqEpbho7/yd5EnmRusj/KSAAqq2NxQfKPx61HbWsivatLb3KxxyZVG8wEb nusDH3uSY857HnjNOwXJpLiONyrbiQu5tqFgi/3mIHyj3OBwfSpaqziUSSfZo7pp2jG1Yk3LIy52 hvlOACx/u/e68cONvLJq0xaa4cCdQpjhdh5YxuJfeIxn5/vAkYyO1FguWKRmVELuwVVGSScACqkN s80VsnlX252hW4kLOqsxdN4BPp84/d4GMk9BUUlpcXMN5zOXdZwUWFwgBDBF3s+z+4eF3c49aLBc 0aKgfP8AacsiRXZtwm8M2/hNvBO7Oc8Hn58j0PE/zB9pjkyGK/cPUDJ7dh3/AA60rAFYenf8jdrn /XK1/k9blYenf8jdrn/XK1/k9AG5RRRQMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACqNz/y LS/9g5P/AESKvVRuf+RaX/sHJ/6JFCER+Hv+RZ0r/rzh/wDQBWz8PP8AkSbP/rrcf+j5KxvD3/Is 6V/15w/+gCtn4ef8iTZ/9dbj/wBHyVURM6iiiiqEFFFFABRRRQAUUUUActc/61f+uaf+gio7r/kJ 2P0P/pM9SXP+tX/rmn/oIqO6/wCQnY/Q/wDpM9QUNp8cskWfLkdM9drEZplUtR1ew0lY2v7lIFkJ Cls4JFIZp/a7n/n4l/77NU7y0ttRt5Le+t4rqCTBeOdA6tg55B4PIBrLj8W6DNKkUWpRPI7BVRQS WJ6ADHJrbdGR2RhhlOCPegRnWGg6Ppc7T6fpNjaTMuwyW9skbFcg4yAOMgflWhRRQMKKKKACiiig AooooAKKKKACiiigAooooAKKKKACiiigDJuvFEDXk5TTNYdDIxVhYSYYZ68jNQ/8JPF/0CdZ/wDA B/8ACs/T2kfQdHu77xNrhu76wju2itobZycxLI5VBbM20bgO/JUZJYA23iEe/PiDxQdm7O2zhPTf nGLTn/VtjHXK4zvXLES/8JPF/wBAnWf/AAAf/Cj/AISeL/oE6z/4AP8A4VE8Qj358QeKDs3Z22cJ 6b84xac/6tsY65XGd65HiEe/PiDxQdm7O2zhPTfnGLTn/VtjHXK4zvXJoAp1+xZiz+Hr+R25LSaS XJ/ErmpP+Enh4A0fVlAAAVNOdQAPQAYFRPEI9+fEHig7N2dtnCem/OMWnP8Aq2xjrlcZ3rkeIR78 +IPFB2bs7bOE9N+cYtOf9W2MdcrjO9cgEv8Awk8X/QJ1n/wAf/Cj/hJ4v+gTrP8A4AP/AIVE8Qj3 58QeKDs3Z22cJ6b84xac/wCrbGOuVxneuR4hHvz4g8UHZuzts4T035xi05/1bYx1yuM71yaAS/8A CTxf9AnWf/AB/wDCj/hJ4v8AoE6z/wCAD/4VE8Qj358QeKDs3Z22cJ6b84xac/6tsY65XGd65HiE e/PiDxQdm7O2zhPTfnGLTn/VtjHXK4zvXJoBL/wk8X/QJ1n/AMAH/wAKj0OV7vX9Xvfst1BFLHbq n2iFoySu/PUc9R+dI8Qj358QeKDs3Z22cJ6b84xac/6tsY65XGd65qeGNSvp/FXiPTbi+uLq2svI EBuFi3qW8wNkxogOSo7cUAdZRRRSGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABVG5/5Fpf+ wcn/AKJFXqo3P/ItL/2Dk/8ARIoQiPw9/wAizpX/AF5w/wDoArZ+Hn/Ik2f/AF1uP/R8lY3h7/kW dK/684f/AEAVs/Dz/kSbP/rrcf8Ao+SqiJnUUUUVQgooooAKKKKACiiigDlrn/Wr/wBc0/8AQRUd 1/yE7H6H/wBJnqS5/wBav/XNP/QRUd1/yE7H6H/0meoKG1h6zJfQ67o8ulwxz6giXjWsUhwryi2k 2KeRwWwOo+orcoRIVuYrloEeaHPlOxOY8jBxgjBI4+mfU0luDMDQde8U+OtXj1Y2U+g+HNNjlSW1 nB869uvLZHU9P3cbFhyOWXkZ4jt+O/8AkVfEv/Xldf8AoDVvnUJGUqygg8EGR+f/AB6qd0kd6syX EUckc4YSRuuVYN1BB6jnpTbBI4xbG68PzR6lBpOkaUjSQWj29g5dJ/OuIU3viOPDIu/bw3+sPTkM xtRv9W8dmLTbuxiNkt5bLK8DTqVAsmYELIvzB3YdeNuMZ5rtJoYriCSCeNJYZFKPG6hlZSMEEHqC Kz5vDehXMaRz6Lp0qR/cV7VGC/Kq8Ajj5UQfRQOwpAcPpvieV9SmvoLK2SbU2jdGlBdoGli01AMj GVBmyRxu2LyvWuk16W6fwL4livJ7Oe4gsrhHe1BUcw7huQlijYYcbjkYbI3YG7JpthK8zyWVs7TK ySs0SkyKwVWDccghEBz1Cr6CoZtGtG0WTSbREsbV1KbLaGPaqk5YBGVkwckHKnqaAMI6lPpOjXl0 8Hn+IjJBDcocctJII4zGCVBhBdig3LnDBmVzIRVl8WazZ2k4vbO2iuo4LlIg+3M1yqwtBFsSV9rO JHAj3lmCBhjOK6CDQsTvJf6jc6mrQPAY7yG3K7HI3D5IlODtGQTg9xwMSR6DZQXVm8C+RbWe5rey hRI4Y5CGBkAVQdxDuMZ285xnmgCl4i03+0b6yH2fTtQ2Ryn+ztQk2xvkx/vh8j5ZPu/d6SnkdDlw a+81/YW+kwwxf2hZWRgurtGllVXS6kAk+fMmBDgDdwXY5PQ9Vf6bYapAsGoWVtdwq28R3ESyKGwR nBB5wT+dVtY0O21m1kgkbyfN2CV0ghkMqqSVRhKjgqCxI44PTvkA5iPxVrvkarK6acyaTbS3E7CJ 1M3lz3MZRV3HbuWAHcS205+Vs/LH4n8T6nDbaoLaN/7Olgu7a3u0jETRzxQSsxD+aWJDwuv+rT1D HA3dXp3h7TNM0w6fBaQtA0ZilDxr+9UszEMAANpLudoAUbiAAOKm/sfTP7T/ALT/ALOs/wC0P+fr yF837u37+M9OOvTigDFm8RXVnHdR3MlmbiHVrTToyFKCXzFgLkKWJ3YlkIGTgKM5wSchPF3iB9Ps 7iGxtrhhpcOpXbIqRx7Zd5CbpJ18oARkF/3nUnaMYPYjR9MEkUg06zDxRpDGwgXKIjBkUHHCqwBA 6AgEUSaPpkv2PzNOs3+xY+y7oFPkYxjZx8uNq9MdB6UAUtO1W6udbu7WZ7PyBvMCxkliEYISGyQ/ OQwwpjYBSGDK52qhis7WG6nuoraGO4uNvnSogDybRhdx6nA4GelTUDCiiigAooooA57w6+NJ8Kx7 8Z0GI7N+M4it+du8ZxnrsbGfvLnD9DXLaLfR22h+FyZAyrotskiCZV2lo4MEhpAOBub7rHAOCCdr 6SeIIG2ZgdN23O64g+XOzOcSdt7Zxn/VtjOV3NiNeuYsxPaeIVGpHUUuLi5mSGcXAa1uF+d44hFu OxljUEtsTLRn5ju+fQTxBA2zMDpu253XEHy52ZziTtvbOM/6tsZyu7MWTTVumvLa1eC7fLx+ddxy QwSOF3P5Qm2hv3j7iuCdsvJ3jegIE8b3EWk2t9faUkZvrRLqzjtrhpywZ4kCv+7BU7p4/uhzjdgE gBrVp4nv7/yba30by9Qk81il3JLbxFI/Lyys0W88zIOYwMh+eAWwvD2lRadax2moSpeW4to4FLyA Sw4MRBVmunEeDyRGF5hyPux7tZYtEeCKM2l3E27cZxqarPlhGG3yrNvYYIBBYj9xxnEeWBTv/Et1 ba1dTJZzLDp9td3dxbS3hBZ47a2dfu7lGPOKFAdmSX5YCutsdQ+2XepQeVs+xXIg3bs78xRyZ6cf 6zGOeme9c8rafbv9p0qzhsL1lCLJI8UkcSsLdWBjWdRgLGo+U8eS2M5G+TTDpWn6RZ6Zb29xDbw2 32Ybb2GMgN5e5m8uQDflmJYDIKSFT8y7wDqqKxYNbtldm8mZTMys/mXcLBCRGOB5pwACcheMxuRk lS708QQNszA6btud1xB8udmc4k7b2zjP+rbGcruVgLWsJ5miX8ezfutpBs2b92VPG3Y+fpsbP909 Dy3hP/kffGH1tv5zVq3+sRX2l3NsLbDXEBj2y3FttBZVGGyzjA3tn5WH7t+GyofJ8Isr+O/F7owZ WNsQQcgjM1PoB29FFFIYUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUbn/kWl/7Byf8AokVe qjc/8i0v/YOT/wBEihCI/D3/ACLOlf8AXnD/AOgCtn4ef8iTZ/8AXW4/9HyVjeHv+RZ0r/rzh/8A QBWz8PP+RJs/+utx/wCj5KqImdRRRRVCCiiigAooooAKKKKAOWuf9av/AFzT/wBBFQahNFb39lJN IkcYGCzsABm3cDk+9T3P+tX/AK5p/wCginTSPFOGjdkPloMqcfwisyjN/tOw/wCf22/7+r/jR/ad h/z+23/f1f8AGtD7Xc/8/Ev/AH2aPtdz/wA/Ev8A32aNAM/+07D/AJ/bb/v6v+NH9p2H/P7bf9/V /wAa0Ptdz/z8S/8AfZo+13P/AD8S/wDfZo0Az/7TsP8An9tv+/q/40f2nYf8/tt/39X/ABrQ+13P /PxL/wB9mj7Xc/8APxL/AN9mjQDP/tOw/wCf22/7+r/jR/adh/z+23/f1f8AGtD7Xc/8/Ev/AH2a Ptdz/wA/Ev8A32aNAM/+07D/AJ/bb/v6v+NH9p2H/P7bf9/V/wAa0Ptdz/z8S/8AfZo+13P/AD8S /wDfZo0Az/7TsP8An9tv+/q/40f2nYf8/tt/39X/ABrQ+13P/PxL/wB9mj7Xc/8APxL/AN9mjQDP /tOw/wCf22/7+r/jR/adh/z+23/f1f8AGtD7Xc/8/Ev/AH2aPtdz/wA/Ev8A32aNAM/+07D/AJ/b b/v6v+NH9p2H/P7bf9/V/wAa0Ptdz/z8S/8AfZo+13P/AD8S/wDfZo0Az/7TsP8An9tv+/q/40f2 nYf8/tt/39X/ABrQ+13P/PxL/wB9mj7Xc/8APxL/AN9mjQDP/tOw/wCf22/7+r/jR/adh/z+23/f 1f8AGtD7Xc/8/Ev/AH2aPtdz/wA/Ev8A32aNAM/+07D/AJ/bb/v6v+NH9p2H/P7bf9/V/wAa0Ptd z/z8S/8AfZo+13P/AD8S/wDfZo0A4JfA3gRFCrGgUDAA1ObAH/fyl/4QfwL/AHF/8Gk3/wAcrvPt dz/z8S/99mj7Xc/8/Ev/AH2adwOD/wCEH8C/3F/8Gk3/AMco/wCEH8C/3F/8Gk3/AMcrvPtdz/z8 S/8AfZo+13P/AD8S/wDfZouBwf8Awg/gX+4v/g0m/wDjlH/CD+Bf7i/+DSb/AOOV3n2u5/5+Jf8A vs0fa7n/AJ+Jf++zRcDg/wDhB/Av9xf/AAaTf/HKP+EH8C/3F/8ABpN/8crvPtdz/wA/Ev8A32aP tdz/AM/Ev/fZouBwf/CD+Bf7i/8Ag0m/+OUf8IP4F/uL/wCDSb/45Xefa7n/AJ+Jf++zR9ruf+fi X/vs0XA4P/hB/Av9xf8AwaTf/HK1dE0vwz4da4bS5IYWuAolLXjSFgudv32OMbj09a6f7Xc/8/Ev /fZo+13P/PxL/wB9mi4Gf/adh/z+23/f1f8AGj+07D/n9tv+/q/41ofa7n/n4l/77NH2u5/5+Jf+ +zS0Az/7TsP+f22/7+r/AI0f2nYf8/tt/wB/V/xrQ+13P/PxL/32aPtdz/z8S/8AfZo0Az/7TsP+ f22/7+r/AI0f2nYf8/tt/wB/V/xrQ+13P/PxL/32aPtdz/z8S/8AfZo0Az/7TsP+f22/7+r/AI0f 2nYf8/tt/wB/V/xrQ+13P/PxL/32aPtdz/z8S/8AfZo0Az/7TsP+f22/7+r/AI0f2nYf8/tt/wB/ V/xrQ+13P/PxL/32aPtdz/z8S/8AfZo0Az/7TsP+f22/7+r/AI0f2nYf8/tt/wB/V/xrQ+13P/Px L/32aPtdz/z8S/8AfZo0Az/7TsP+f22/7+r/AI0f2nYf8/tt/wB/V/xrQ+13P/PxL/32aPtdz/z8 S/8AfZo0Az/7TsP+f22/7+r/AI0f2nYf8/tt/wB/V/xrQ+13P/PxL/32aPtdz/z8S/8AfZo0Az/7 TsP+f22/7+r/AI1Hc/8AItL/ANg5P/RIrU+13P8Az8S/99mqGquz6ZeM7FmMD5JOT900AVvD3/Is 6V/15w/+gCtn4ef8iTZ/9dbj/wBHyVjeHv8AkWdK/wCvOH/0AVs/Dz/kSbP/AK63H/o+SqiJnUUU UVQgooooAKKKKACiiigDlrn/AFq/9c0/9BFFz/rV/wCuaf8AoIouf9av/XNP/QRRc/61f+uaf+gi syiGiiigYUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUU UAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAVV1P/kFXn/XB/8A 0E1aqrqf/IKvP+uD/wDoJoAr+Hv+RZ0r/rzh/wDQBWz8PP8AkSbP/rrcf+j5KxvD3/Is6V/15w/+ gCtn4ef8iTZ/9dbj/wBHyVUSWdRRRRVCCiiigAooooAKKKKAOWuf9av/AFzT/wBBFFz/AK1f+uaf +gii5/1q/wDXNP8A0EUXP+tX/rmn/oIrMohrK1Jr+fWdI02wvEtGvHlVpWhEoAWMv0yP7uOvetWq 62c0viTR79dnk2TyvLucKTujKAAE8nJ/IH2yLcGPPhbXoQZZfEsTxp8zIunBSwHUA7zg++D9Kj8Q Xq6NpuqX6xeYtlDLMIt2NwQE4zzjpjPNdTPfRy28kagZZSozIncf71cp4ospNW0jWbC3eMSXcE8M bOfly6sASRnjmm7AiK0u79Ed9XgsbNdyJG0N40oZmO0A7o0wSSoHXJP5j69o8V3FaSatYpcytsjh a5QO7bimAuck7lK/UEdRXPXlnJY+G7mybRbHS4Z54wo0hJbgglgXkCxwApIqrlHwQHC5xgZzLLSd UvI9R0+2tk+x3ulrZveXQmgkCma6HmFGjzJLtcO4JTLNnOGBpAdu+saZHdXFq+o2a3FtGZp4jOoe JAASzDOVXBByeORVWHxPo8wv3OoW0cNi0YlmkmQJtkRXRw2fusHABOMkHFYWqeFdTv8ATbnTEezW 3El7cQTmVt7vcJOoRk24VVNwfmDMTsHyjdxoX2iai0motaTIY7u7jumjFzJbtIBCsRjMiAsgBjRw y8tyhAGSQC0PFGmDW102S9s4/OtoJ7WRrlR9p81pFAQfxfcXkE53j8X2niKwljjN3cW1nNNdz2sE Us6hpmimaL5QcZJIBwOm4DmuYtfCWtwWOo2O2x8nU7SS1mka9lke3Dz3L7hujzKQtwPvFSSpyec1 JP4Ju5Jrot5MyXvnRyqb64gSNGuJ5QSkePOys+CjFQNpAb5iQaAdVdatFa61p2lnYJr1ZXUvIF+W MLkKP4my6nHHyhjn5cEh17R7iCOeDVrGWGScW6SJcoytKRkRgg8sR261S17QZdancCdIoZNLvLFm ILMrTGLDAdwAjZ5Hb8Kq6Jqd34itNavFs7d4pIw8EM7SjYkVyoYMUX5i1wOMYAXOTnAANC81a8TV JLGw09LpoIEuLjfceW2x2cKIxtIZv3b8MUH3fm5JF19SsItQi0+S9tkvZV3x2zSqJHXnkLnJHyn8 j6Vk+JNGutY2xxWunSfu2SG7nys9i5/5axHa25h8pABQgoPm5+WrceF55fEk15hJLa4u4btme+nQ RtGsYC+QpCSHMQIdiMFhkMEAYA3YtY0yaSeOLUbOR7eRYZlSdSY3ZtqqwzwxbgA8k8VS1DWbqPV4 NM0u2s7u4eOWSXzrsxCLZ5XynajncRMpwQOOe4rMi8O6n/Y1np0kenD+y44EtZwzNJceVJE43HaP JVvJXIHmcsDk7MNHb+EJb3xBLqOv22l3kMrTSCAxmRUZ47VVwHXkgQOC3Gcg4GSqgG1B4isBpKX+ o3Ftp6+fJbOZ51VPNjdkYKzY3DKMRwCQM4HQT3GvaPaTzwXOrWMM1uoeaOS5RWiUkAFgTwCWXr/e HrXPT+Fb0R2LxFJWtGu444E1CazVYZZg8YEkQLAIiIuzG30PyjM+m+FrjTri02PbeRbX6XAVNw/d rYC2wAckHcM4LH5f4iaAOgfUrCLUItPkvbZL2Vd8ds0qiR155C5yR8p/I+lUrLxPo99p+mXi6hbQ rqSg20c0yK7scAoBnlgSFIGcHisLS/Cup2Gm22mO9m1uZLK4nnErb0e3SBSiptwysbcfMWUjeflO 3mGTwTdm1trZvJnQadFpkub64gQJEXAkKR483cr5MbFQuCAx3FqAOg1jX/7LvI7WO2+0O8YORJtE bvNHFEr8HarM7HPXEb4DYxVpNSa10+W61pbbTRE213a5DQ4OMEOQvGSB8wU5BGCME1RpV19l1SWR LO4vL2RgY5wWiaBTtSE8ZClM5+8A8jsAQdpyH8KXbaZEqRW1u0N/9si0+1u5IIYl8kxGNJo1DKCW aQkIMlipHJagDpJNY0yL7H5mo2afbcfZd06jz84xs5+bO5emeo9afJqVhDB58t7bJDudPMaVQu5A xcZz1UI+fTac9DXOWvhu/wBOWVba306VL62EFzHczSyJF+8mkJ+YM0+fPbIYpu2/w7sLV1fwnrF/ YS6dBLYraie+nSR2ffI1xHcAZAGECNPj+LcOflxtIB1Saxpkl1b2qajZtcXMYmgiE6l5UIJDKM5Z cAnI44NYp8TaiugS68dIhbTTZPeQlLzMpURmRfMUoAuQMHaz4JHBGWDLjwvPL4kmvMJJbXF3Ddsz 306CNo1jAXyFISQ5iBDsRgsMhggDMOia63hKXw2F05LdNOeyjuTO7PN+6MaEpsAjycMfmfGCADnc ADdGs2ERhS7v7GGa4nkhgT7Sp81lfZtXOMtnAKgHDHHPUsvfEOmWVreTG7hme0tpbmSCGRWl2Rkh yFz2ZSvpkYNcxP4Ju5Jrot5MyXvnRyqb64gSNGuJ5QSkePOys+CjFQNpAb5iRZvPBkt3o7WCyW0D TX9/czyopJKzpcIpxgbmAmjByRwpGeBQB10M0VxBHPBIksMih0kRgyspGQQR1BFPpkJlaCMzoiTF QXVHLKrY5AJAyM98D6Cn0DCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA qrqf/IKvP+uD/wDoJq1VXU/+QVef9cH/APQTQBX8Pf8AIs6V/wBecP8A6AK2fh5/yJNn/wBdbj/0 fJWN4e/5FnSv+vOH/wBAFbPw8/5Emz/663H/AKPkqoks6iiiiqEFFFFABRRRQAUUUUActc/61f8A rmn/AKCKLn/Wr/1zT/0EUXP+tX/rmn/oIouf9av/AFzT/wBBFZlENFFFAwooooAKKKKACiiigAoo ooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiii gBQCzBVBJPAA71L9kuf+feX/AL4NFp/x+Qf9dF/nUNAE32S5/wCfeX/vg0fZLn/n3l/74NQ1Si1W 1l1efTFf/SIY1kbkYOeqjnO5QULDHAkjP8QoEaf2S5/595f++DR9kuf+feX/AL4NZ8l/FHqlvp5V /OnglnVgBtCxsinPvmRcfQ1aoAm+yXP/AD7y/wDfBo+yXP8Az7y/98GoaKBk32S5/wCfeX/vg0fZ Ln/n3l/74NQ1V02/i1TS7TUIFdYbqBJ0VwAwVlDDOM84NAjQ+yXP/PvL/wB8Gj7Jc/8APvL/AN8G oaKBjpo3t4/MnRok3BdzjaMkgAZPckgD3NU9T/5BV5/1wf8A9BNZvif/AFGmf9hO2/8AQxWlqf8A yCrz/rg//oJoEV/D3/Is6V/15w/+gCtn4ef8iTZ/9dbj/wBHyVjeHv8AkWdK/wCvOH/0AVs/Dz/k SbP/AK63H/o+SqiJnUUUUVQgooooAKKKKACiiigDlrn/AFq/9c0/9BFFz/rV/wCuaf8AoIouf9av /XNP/QRRc/61f+uaf+gisyiGiiigYUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQ AUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBNaf8fkH/XRf51DSpN9ndZvLeTyz v2Jjc2OcDJAz9SBWF/a+tf8AQsz/APgXD/8AFUCNyvONM1CFr7Tb1fEOhTXct6ZnsYp4/tJ887Wi abzSJFjDJgBPm8iMDGBjq/7X1r/oWZ//AALh/wDiqP7X1r/oWZ//AALh/wDiqAOasfClxLcW0cml fYLuHTniuNVxE32i8EkDxzfK++T54mf94BnuOSKtajoV9eaXAbzT3uGu53vL2GCO1lljmKqsajz8 xFUjBjLDDMVUj7zVt/2vrX/Qsz/+BcP/AMVR/a+tf9CzP/4Fw/8AxVMDndJ8M6nFYC8vLZ21oXen uJ5Jw7qix2y3BDbjgkJMrY5cDB3DbQnhy9bw+9lHpL2t+IIkvr1JYg2osskZkIXJEpdVk5nC/fwR h3x0X9r61/0LM/8A4Fw//FUf2vrX/Qsz/wDgXD/8VQBztr4bktYLb7TodzqOmq05GmXBtGaN2EWx /LGyBANkv3ST+9z1dwvT+Hre503wzoljcWz+fFaQwTBWUiJli5yc8jK4+XPJHbJEX9r61/0LM/8A 4Fw//FUf2vrX/Qsz/wDgXD/8VSA1oJ5Jsb7WaDMaP+8KHBOcp8rH5lwM9uRgnnE1Yf8Aa+tf9CzP /wCBcP8A8VR/a+tf9CzP/wCBcP8A8VRYA8T/AOo0z/sJ23/oYrS1P/kFXn/XB/8A0E1hXz6xqr2M T6FLbpFeQzNI1zEwCq4J4DZ6Zrd1P/kFXn/XB/8A0E0wK/h7/kWdK/684f8A0AVs/Dz/AJEmz/66 3H/o+Ssbw9/yLOlf9ecP/oArZ+Hn/Ik2f/XW4/8AR8lOImdRRRRVCCiiigAooooAKKKKAOWuf9av /XNP/QRRc/61f+uaf+gii5/1q/8AXNP/AEEUXP8ArV/65p/6CKzKIaKKKBhRRRQAUUUUAFFFFABR RRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFF FABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABVXU/+QVef9cH/APQTVqqup/8AIKvP+uD/APoJoAr+ Hv8AkWdK/wCvOH/0AVs/Dz/kSbP/AK63H/o+Ssbw9/yLOlf9ecP/AKAK2fh5/wAiTZ/9dbj/ANHy VUSWdRRRRVCCiiigAooooAKKKKAOWuf9av8A1zT/ANBFYt9q+qC8dbfw/cTRKFRZDcxLuwAM43dO OM8/TpW1c/61f+uaf+gioazKMP8AtfWv+hZn/wDAuH/4qj+19a/6Fmf/AMC4f/iq3KKAMP8AtfWv +hZn/wDAuH/4qj+19a/6Fmf/AMC4f/iq3KKAMP8AtfWv+hZn/wDAuH/4qj+19a/6Fmf/AMC4f/iq 3KKAMP8AtfWv+hZn/wDAuH/4qj+19a/6Fmf/AMC4f/iq3KKAMP8AtfWv+hZn/wDAuH/4qj+19a/6 Fmf/AMC4f/iq3KKAMP8AtfWv+hZn/wDAuH/4qj+19a/6Fmf/AMC4f/iq6GONGieSR2UKQvyrnOc+ 49KXbbf89Zf+/Q/+KoA53+19a/6Fmf8A8C4f/iqP7X1r/oWZ/wDwLh/+Krottt/z1l/79D/4qjbb f89Zf+/Q/wDiqAOd/tfWv+hZn/8AAuH/AOKo/tfWv+hZn/8AAuH/AOKrottt/wA9Zf8Av0P/AIqj bbf89Zf+/Q/+KoA53+19a/6Fmf8A8C4f/iqP7X1r/oWZ/wDwLh/+Krottt/z1l/79D/4qjbbf89Z f+/Q/wDiqAOd/tfWv+hZn/8AAuH/AOKo/tfWv+hZn/8AAuH/AOKrottt/wA9Zf8Av0P/AIqqOq39 vpsEDjzZXmuYrdVKhQC7AZJyegyenPT3oAy/7X1r/oWZ/wDwLh/+Ko/tfWv+hZn/APAuH/4qt+KP zZkjzjewXPpmn7bb/nrL/wB+h/8AFUAc7/a+tf8AQsz/APgXD/8AFUf2vrX/AELM/wD4Fw//ABVd Fttv+esv/fof/FUbbb/nrL/36H/xVAHO/wBr61/0LM//AIFw/wDxVH9r61/0LM//AIFw/wDxVdFt tv8AnrL/AN+h/wDFUbbb/nrL/wB+h/8AFUAc7/a+tf8AQsz/APgXD/8AFUf2vrX/AELM/wD4Fw// ABVdFttv+esv/fof/FUbbb/nrL/36H/xVAHO/wBr61/0LM//AIFw/wDxVH9r61/0LM//AIFw/wDx VdFttv8AnrL/AN+h/wDFUbbb/nrL/wB+h/8AFUAc7/a+tf8AQsz/APgXD/8AFUf2vrX/AELM/wD4 Fw//ABVaGl6gmqWIu40ZEaSRFDdcK7KCfTO3OO2e9aflRLHG0kjguN2FQHHJHqPSgDnP7X1r/oWZ /wDwLh/+Ko/tfWv+hZn/APAuH/4qui223/PWX/v0P/iqNtt/z1l/79D/AOKoA53+19a/6Fmf/wAC 4f8A4qj+19a/6Fmf/wAC4f8A4qui223/AD1l/wC/Q/8AiqNtt/z1l/79D/4qgDnf7X1r/oWZ/wDw Lh/+Ko/tfWv+hZn/APAuH/4qui223/PWX/v0P/iqNtt/z1l/79D/AOKoA53+19a/6Fmf/wAC4f8A 4qj+19a/6Fmf/wAC4f8A4qui223/AD1l/wC/Q/8AiqNtt/z1l/79D/4qgDnf7X1r/oWZ/wDwLh/+ Ko/tfWv+hZn/APAuH/4qtKW/hXW4tNjEjM9s9wzsAoADKoAGTnO4+mMd88WqAMP+19a/6Fmf/wAC 4f8A4qj+19a/6Fmf/wAC4f8A4qtyigDD/tfWv+hZn/8AAuH/AOKo/tfWv+hZn/8AAuH/AOKrcooA w/7X1r/oWZ//AALh/wDiqP7X1r/oWZ//AALh/wDiq3KKAMP+19a/6Fmf/wAC4f8A4qj+19a/6Fmf /wAC4f8A4qtyigDD/tfWv+hZn/8AAuH/AOKqK51HWri1mg/4RudfMRk3faoTjIx/eroaKLgUtGt5 bTQ9Ptp12SxW0cbrkHDBQCMj3rU+Hn/Ik2f/AF1uP/R8lQVP8PP+RJs/+utx/wCj5KqImdRRRRVC CiiigAooooAKKKKAOWuf9av/AFzT/wBBFQ1Nc/61f+uaf+gioazKCiiigYUUUUAFFFFABRRRQAUU UUATL/x5y/8AXRP5NUNTL/x5y/8AXRP5NUNAgooooGYV0b3UPEVzp8Op3NhDbWkE4a2SItI0jyqd 3mI/AEQxjHU5zxjF07xLqeq6hYWXmpbNqOj2l35wQbIXfzTII853SEKNqtkAI7HO0q3SXujG5vje W2o3lhcPGsUr2wibzFUsVBEiMBgu/TH3uc4GI4vDWmRI8SxP5DWkFosW84jSEuYyrfeDAvndnIKq RgjNAjXopkKNFBHG8rzMqhTI4AZyB1OABk+wA9qfQMKw/E/+o0z/ALCdt/6GK3Kw/E/+o0z/ALCd t/6GKEI6K0/4/IP+ui/zqGprT/j8g/66L/OoaBhWRrlxcpJpdnbXL2xvrswPPGql0UQyyfLuBXJM YHIPBPfBGvVLUtNTUY4f381vPBJ5sE8O3fG21lJAYFTlWYcg9fXBABn3+qf8ItpazaldvfK0/lxy SPbwPgqThi7RoxyG+6AcY4OCxZbeMdOvJv8AR4bx7XzIY2u/K2xAzJG0XUhju81RgAlT94KCCZm8 PFvKmGr6it9HvH23MTSFX27k2lDGF/dx/dQcrnqzFmWXhOwsdLGnxS3JhE9rPuZl3boFhVO3QiBM /U4xxgEMbxfZRaZJqdxaXkFj5ay29xKqCO4VmVVKtuwmS6Y8zZw2TgK22DSfFMOva3ZpYS/6Mba6 8+LdG+JUa32/OhZT8spPysR82DyMC1H4Wt47P7Gb++e2iVFtIi6hbQIysmwBRuKlEwZN5+XHIZt1 q00VLa+hvZb28u7qOOWPzJ3X5hIYyflVQq48pAAoA6kgkk0AadFFFAzD8If8i1B/11n/APRz10U3 +qt/+uZ/9Caud8If8i1B/wBdZ/8A0c9dFN/qrf8A65n/ANCahiIaKKKBmL4g1V9Jn0d8zeRNemKd YYGmd18iVgAqqW+8qngdvTNZieM7W0h1W9vXm+zrqK2tpHNGLZ+beOQqfO2BefMbLkZ6DOVB6O6s Iru4sZ5GcNZzmeMKRgsY3j59sSH8cVSuPD9vNJPNHc3MFzLdi8SeMqWhkEIh+UMpUgoCMMD94ng4 wCMW38ax3OqBrSG5vra6ggW2t7fytwmLXXmfMzBSALfGQxB2/LkHJ6fT7+LUrNbmJXQFnjZHA3I6 MUdTjIyGUjIJBxwSOawr3wnJLf2F3a6peRXEUiGe5d0eQqqXAyoZCu4tcHIwFC8KFwBW7p9hFptm ttEzuAzyM7kbnd2LuxxgZLMTgAAZ4AHFAFqiiigZhv8A8j3D/wBgyT/0alblYb/8j3D/ANgyT/0a lblDEFFFFAwooooAKKKKACiiigAooooAKn+Hn/Ik2f8A11uP/R8lQVP8PP8AkSbP/rrcf+j5KqJL OooooqhBRRRQAUUUUAFFFFAHLXP+tX/rmn/oIqGoJtL8ZSylhFoKrgAA3ExIAGBz5ftTP7I8Z/8A PPQf/Aib/wCIqOVlXLVFVf7I8Z/889B/8CJv/iKP7I8Z/wDPPQf/AAIm/wDiKOVhctUVV/sjxn/z z0H/AMCJv/iKP7I8Z/8APPQf/Aib/wCIo5WFy1RVX+yPGf8Azz0H/wACJv8A4ij+yPGf/PPQf/Ai b/4ijlYXLVFVf7I8Z/8APPQf/Aib/wCIo/sjxn/zz0H/AMCJv/iKOVhctUVV/sjxn/zz0H/wIm/+ Io/sjxn/AM89B/8AAib/AOIo5WFxNQspb6FYk1C7tEDbm+zMqlj2ySpPGT0x1+lZ3/COS/8AQwaz /wB/k/8AiK0v7I8Z/wDPPQf/AAIm/wDiKP7I8Z/889B/8CJv/iKLMLozf+Ecl/6GDWf+/wAn/wAR R/wjkv8A0MGs/wDf5P8A4itL+yPGf/PPQf8AwIm/+Io/sjxn/wA89B/8CJv/AIiizC6M3/hHJf8A oYNZ/wC/yf8AxFH/AAjkv/Qwaz/3+T/4itL+yPGf/PPQf/Aib/4ij+yPGf8Azz0H/wACJv8A4iiz C6M3/hHJf+hg1n/v8n/xFH/COS/9DBrP/f5P/iK0v7I8Z/8APPQf/Aib/wCIo/sjxn/zz0H/AMCJ v/iKLMLozf8AhHJf+hg1n/v8n/xFJ/wjKvNA8+r6pcLDKkyxyyIVLKQRn5PatP8Asjxn/wA89B/8 CJv/AIij+yPGf/PPQf8AwIm/+Ioswuiyd+0+XI0T4+WRQCVPYjIIyPcEVif8I5L/ANDBrP8A3+T/ AOIrS/sjxn/zz0H/AMCJv/iKP7I8Z/8APPQf/Aib/wCIoswujN/4RyX/AKGDWf8Av8n/AMRR/wAI 5L/0MGs/9/k/+IrS/sjxn/zz0H/wIm/+Io/sjxn/AM89B/8AAib/AOIoswujN/4RyX/oYNZ/7/J/ 8RR/wjkv/Qwaz/3+T/4itL+yPGf/ADz0H/wIm/8AiKP7I8Z/889B/wDAib/4iizC6M3/AIRyX/oY NZ/7/J/8RR/wjkv/AEMGs/8Af5P/AIitL+yPGf8Azz0H/wACJv8A4ij+yPGf/PPQf/Aib/4iizC6 M3/hHJf+hg1n/v8AJ/8AEUf8I5L/ANDBrP8A3+T/AOIrS/sjxn/zz0H/AMCJv/iKP7I8Z/8APPQf /Aib/wCIoswuhNM06LStPjs4ZJJEQs26QjcSzFjnAA6k9qgv9Kmv7gS/2xqVuoUKsUDoqqOv9wk8 knknr6Yqx/ZHjP8A556D/wCBE3/xFH9keM/+eeg/+BE3/wARRZhdGb/wjkv/AEMGs/8Af5P/AIij /hHJf+hg1n/v8n/xFaX9keM/+eeg/wDgRN/8RR/ZHjP/AJ56D/4ETf8AxFFmF0Zv/COS/wDQwaz/ AN/k/wDiKP8AhHJf+hg1n/v8n/xFaX9keM/+eeg/+BE3/wARR/ZHjP8A556D/wCBE3/xFFmF0Zv/ AAjkv/Qwaz/3+T/4ij/hHJf+hg1n/v8AJ/8AEVpf2R4z/wCeeg/+BE3/AMRR/ZHjP/nnoP8A4ETf /EUWYXRm/wDCOS/9DBrP/f5P/iKP+Ecl/wChg1n/AL/J/wDEVpf2R4z/AOeeg/8AgRN/8RR/ZHjP /nnoP/gRN/8AEUWYXRTsNBSx1H7c9/e3c3lGEfaXVgFJBPRQeqitaqv9keM/+eeg/wDgRN/8RR/Z HjP/AJ56D/4ETf8AxFFmF0WqKq/2R4z/AOeeg/8AgRN/8RR/ZHjP/nnoP/gRN/8AEUcrC5aoqr/Z HjP/AJ56D/4ETf8AxFH9keM/+eeg/wDgRN/8RRysLlqiqv8AZHjP/nnoP/gRN/8AEUf2R4z/AOee g/8AgRN/8RRysLlqiqv9keM/+eeg/wDgRN/8RR/ZHjP/AJ56D/4ETf8AxFHKwuWqKq/2R4z/AOee g/8AgRN/8RR/ZHjP/nnoP/gRN/8AEUcrC5aqf4ef8iTZ/wDXW4/9HyVnf2R4z/556D/4ETf/ABFb /hPSbnRPDdtp920TTxvKzGFiy/NIzjBIB6MO1NKwmbVFFFUIKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigD/2Q==

  11. In the Allow certificates screen:

    • Select The gateway must use a certificate issued by this Certificate Authority.
    • Select fabrikam-test-w2k3 from the drop-down list.

  12. Select Advanced in the Traditional mode IKE properties screen.

  13. In the Traditional mode advanced IKE properties screen:

    • Select Group 2 (1024 bit).
    • Enter 480 in Renegotiate IKE (phase 1) Security associations every.
    • Enter 3600 in Renegotiate IPSec (IKE phase 2) Security associations every.

Configure VPN Peer Gateway

Use the following steps to configure the VPN peer gateway.

  1. From the left menu of the CheckPoint Smart Dashboard, right-click Interoperable Device and select new.
  2. On this screen:
    • Enter ISAServer as the Name of the interoperable device.
    • Enter 14.15.16.17 as the IP Address of the interoperable device.
  3. Select Topology from the left menu. On this screen:
    • Select Manually defined under VPN Domain.
    • Select ISAServer-Remote from the drop-down list.
  4. Select VPN from the left menu, and then select Traditional mode configuration.
  5. In the Traditional mode IKE properties screen:
    • Select 3DES.
    • Select SHA1.
    • Select Public Key Signatures.
    • Select Specify.
  6. In the Allow certificates screen:
    • Select The gateway must use a certificate issued by this Certificate Authority.
    • Select fabrikam-test-w2k3 from the drop-down list.
  7. Select Advanced in the Traditional mode IKE properties screen.
  8. In the Traditional mode advanced IKE properties screen:
    • Select Group 2 (1024 bit).
    • Enter 480 in Renegotiate IKE (phase 1) Security associations every.
    • Enter 3600 in Renegotiate IPSec (IKE phase 2) Security associations every.

Configure Encryption Rule

Use the following steps to configure an encryption rule.

  1. Choose Add Rule --> Top from the Rules menu.
  2. In the new rule:
    • Select ISAServer-Remote for the Source.
    • Select Internal_BL for the Destination.
    • Select Encrypt as the Action.
    • Select Log as the Track.
  3. Choose Add Rule --> Top from the Rules menu.
  4. In the new rule:
    • Select Internal_BL for the Source.
    • Select ISAServer-Remote for the Destination.
    • Select Encrypt as the Action.
    • Select Log as the Track.
  5. Right-click Encrypt under Action for rule number one.
  6. Highlight IKE and select Edit.
  7. Right-click Encrypt under Action for rule number one.
  8. On this screen:
    • Select 3DES as the Encryption Algorithm from the drop-down list.
    • Select SHA1 as the Data Integrity from the drop-down list.
    • Select Use Perfect Forward Secrecy.
    • Select Group 2 (1024 bit) as the Use DH Group from the drop-down list.
  9. Test the IPSec tunnel after the third-party gateway peer has been configured by sending icmp traffic to the remote internal network through the IPSec tunnel using the ping utility.

Troubleshooting the Checkpoint Solution

The following section contains troubleshooting tips. For additional troubleshooting information, refer to the CheckPoint Knowledge Base articles on the CheckPoint website (www.checkpoint.com).

Configuration

Review the configuration for accuracy:

  • Local IP settings
  • Remote IP settings
  • IPSec Phase 1 settings
  • IPSec Phase 2 settings
  • Rule set

Logs

Review the log files for any errors:

  • Default CheckPoint logs viewed through the SmartView Tracker
  • IKE Debug

This feature can be enabled by typing debug ikeon.

All IKE debug information will be logged to the $FWDIR/ike.elg file.