ࡱ> ܥhc e/, $C:>>>>>V4)X5>>>:>>G\EnMicrosoft( Windows(95 Dial-Up Networking 1.3 Upgrade PPTP Information Technical Details on Use of PPTP Tunnels 1.1 Overview PPTP is a tunneling protocol defined by the PPTP Forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. PPTP provides support for virtual LAN connection establishment/release and encapsulation of higher level protocol frames within the Generic Routing Encapsulation (GREv2) over IP. GREv2 encapsulation is connectionless, and is carried directly on top of IP. PPTP provides for congestion control using a sliding window mechanism. 1.2 Using the Internet to Access Remote Networks Establishing a PPTP connection to a remote private network via the public Internet provides the following benefits: The private network's IP address space does not have to be coordinated with the Internet address space. All network protocols supported by RAS are supported in the PPTP connection case. Private networks that are running combinations of TCP/IP, IPX, or NBF can be accessed. RAS security protocols and policies are used to prevent unauthorized connections. All network packets being sent over the Internet can be encrypted. Window95 PPTP Client / Internet / NT RAS Server Protocol Stack  1.3 Windows95 Support for PPTP Windows95 supports a single instance of a PPTP connection over a LAN or WAN Internet connection. Windows95 will attempt to allow all connected networks to be visible from the client PC. As described below, this is not possible in all cases. 1.4 Network Protocol Issues When a PPTP connection is established, the client network protocols will see an additional dial-up adapter become active. PPTP itself uses TCP/IP to tunnel network packets, so at least one adapter in the client must be bound to, and running TCP/IP. This adapter can be a NIC, in the case where the client is connecting to a PPTP server on a LAN. The TCP/IP adapter can also be a dial-up adapter, in the case where the client is dialing into a RAS server or ISP, and then connecting to a PPTP server across a private Intranet or the public Internet. 1.4.1 NBF It is assumed that the PPTP client is connecting to an NT RAS/PPTP server. NBF will work as expected. The PPTP client will be able to see both the original network and the new network concurrently. The client will be visible to computers on both LANs, but the networks will not be joined through the client. The clients ability to see computers on the new network is provided by the WindowsNT Servers NetBIOS gateway. 1.4.2 NWLink Once connected via PPTP, only the target network will be visible with IPX at that time. This is unchanged from current Window95 dial-up IPX connections. Currently, when IPX is selected in a phonebook entry and IPX is active on a NIC, a dialog is presented to the user (at dial time) explaining that Netware servers on the local LAN will no longer be visible once a connection is established to the remote LAN. Users will see this same dialog when establishing a PPTP connection. 1.4.3 TCP/IP Several TCP/IP configurations will be examined. As a baseline, the first is the simple case of joining two routed IP networks together without PPTP. 5.4.3.1 The Baseline: Two Routed IP Networks In this configuration, IP packets generated by Client that are destined for hosts on the local subnet 1.1.1 are addressed at the MAC level directly to the target host and forwarded over interface A. Client packets destined for Remote1 are addressed at the IP level to Remote1and at the MAC level to host Gateway. Gateway, upon receiving these packets, changes the MAC address to be that of the target Remote1 and forwards them on interface B. The most common workstation configuration is a simple variation where local subnet packets are sent directly to the target host and all other packets are forwarded to a default gateway. DHCP assigns both client IP addresses and a default gateway address at boot time. Any given host can have only a single active default gateway. This is ideal in the case of a host with a single adapter but does not work for hosts with multiple adapters. In the example below, both Client and Remote1 could replace their route entry for the peer LAN with a default route, but Gateway requires explicit routes to each LAN in order to work properly. PPTP effectively makes all hosts have multiple adapters and exposes the limitations of default gateway based routing schemes. Joining two IP Networks without PPTP: The Trivial Case  5.4.3.2 Using PPTP to Securely Bridge Two Networks In the next scenario, Gateway has been made a PPTP server and PPTP filtering has been enabled on interface A. PPTP filtering effectively makes Gateway invisible to Client without first establishing a PPTP connection. Clients TCP/IP stack has a route to Gateway, and uses this to establish and maintain the PPTP connection. Since only PPTP packets are accepted on Gateways interface A, no applications can see Gateway at address 1.1.1.2. Once the PPTP tunnel has been established, Client has a second active adapter, with a new IP address assigned to it by the Gateway PPTP server. Since the WindowsNT RAS server supports TCP/IP clients by proxy-arping for them on its local networks, Client is effectively bridged to the LAN side of Gateway. Remote1 would send packets to Client by addressing them at the MAC level to Gateway who would forward them over the PPTP adapter to Client. Remote1 is completely unaware of Gateways role in this process, since Gateway is pretending to be every PPTP client at the MAC level. The issues associated with this configuration are identical to those of a conventional NT RAS server setup. This is no accident, since a PPTP server is a RAS server that uses an IP network as a media type. On the 1.1.1 network, Client has an IP address of 1.1.1.1. On the 2.2.2 network, Clients IP address is 2.2.2.4. Name servers on each network must be configured correctly. For hosts other than Client on the 1.1.1 network to see hosts on the 2.2.2 network, each host must be configured with a route entry that makes Client the gateway to network 2.2.2. All hosts on the 2.2.2 network can automatically see Client, but not other hosts on 1.1.1. In order for this to occur, each host on the 2.2.2 network must be configured with a route entry that makes Client (2.2.2.4) the gateway to network 1.1.1. The packet path from a host on 2.2.2 to a host on 1.1.1 would then be: Address the packet at the IP level to the target host and at the MAC level to Client. Gateway steals the packet and forwards it to Client over the PPTP connection. Client sees that its destination IP address is on 1.1.1 and forwards it on interface A. Clearly configuring a network by hand is a non-trivial process. PPTP, by virtue of making clients multi-homed, further complicates this. RIP or OSPF can help automate this process. Joining two IP Networks with PPTP  5.4.3.3 A Typical Case The next network represents most real world networks. Router1, and probably Gateway, have been hand configured by a system administrator to have explicit routing information. Clients are relying on the routing entries created locally (and automatically) derived from each NICs IP address and subnet mask. These entries allow the client to reach hosts on the same subnet. Additionally, a single default gateway entry forwards all other packets to a router who hides the larger and more complex routing policy. Even if routers are dynamically exchanging RIP or OSPF routing information, in many cases the simple default gateway scheme will be used for clients. DHCP can easily assign IP addresses, subnet masks and default gateways. In the example below, Client can see all hosts on his local subnet, 1.1.1 by way of the 1.1.1 route table entry. He can see all hosts on the 2.2.2 network, including Gateway, by using the default gateway route. Note that PPTP filtering on Gateways interface A restricts traffic to Gateway to PPTP connections. Joining two IP Networks with PPTP: The Problem Case (Before Tunneling)  1.4.4 The Multiple Default Gateway Problem After Client has established a PPTP tunnel to Gateway, it is effectively bridged to network 3.3.3 on the new interface B. As part of establishing this connection, RAS/PPTP normally changes the default gateway of Client to be Gateway. In this example, this is not necessary to see hosts on the bridged network 3.3.3, but would be necessary if the other side of Gateway was attached to a more complex network. Changing the default gateway entry has the unwanted side effect of making hosts that were visible on network 2.2.2, including Gateway itself, unreachable. In general, after establishing a PPTP connection from a host that was using a default gateway scheme, only hosts on local subnets (on the same LAN segment) will remain visible. In order to prevent this problem from breaking the PPTP connection itself, Windows95 establishes a single host route entry to the PPTP gateway itself through the old default gateway, Router1. This solves the multiple default gateway problem for the PPTP connection itself, but leaves some hosts on the originating network invisible. This problem occurs only when clients are using default gateways to reach some networks. Explicit host or network route table entries will continue to be valid when the a PPTP connection is established. This means that clients that are receiving local RIP or OSPF routing updates will not have any problems. Joining two IP Networks with PPTP: The Problem Case (After Tunneling)  There is another common PPTP configuration that will be impacted by this problem. If a non-LAN attached client dials into an ISP to get on the Internet, then establishes a PPTP tunnel to their corporate network, they will loose connectivity to the rest of the Internet during the life of the PPTP connection. Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. No part of these documents may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. Permission to print one copy for personal use is hereby granted if your only means of access is electronic. Microsoft Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in these documents. The furnishing of these documents does not give you any license to these patents, trademarks, copyrights, or other intellectual property rights except as expressly provided in any written license agreement from Microsoft Corporation. Copyright 1996-1997 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, MS, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The Windows95 PPTP client is based on code developed by US Robotics Access Corp. Other product and company names mentioned herein may be the trademarks of their respective owners. ________________ Microsoft Confidential /=.:;? !H  &WordMicrosoft Word  System    -@Times New Romank~wWw  - --- !dX%` ------ !dX%X------ !(-----O9--B-@ Arial> 'b~wk~wWw> ' -.2  V.34, etc.-%%%".'--A  --r6  - 4 .2 4 PPTP--)-.\'--A 1 --6 > - Yl .2 Yl IP-.\'--A  --6  @ Arial b~wk~wWw  - | . 2 | * .\'--q--f- . 2 * .\'--OA  --B6  - | . 2 | * .\'--O --B- .2  V.34, etc-%%%".\-. 2 ..'--Oq--Bf- . 2 * .\'&xv--%}p}--&&x7--%}1--&&kxv7--%p}p1--&&7--%1--&&x--%}--&&xv--%p}--&&,v7--%1p1--&--=--J- N.2 NModemJ**%?.\'&3t--%y8y--&&4P --%`j j-- $bT8jb $  j U--&&l- b--%G G-- $1pG\ $ ] G 2--&&l --% -- $p $   --&--A  --6 " - =I .2 =I PPP---.\'&40f--%`JxK-- $b48Jb_ $vaKv6--&--9a-- .m- o.2 oIP, IPX,--+.\A.2 ANBF0-).'--A a -- 6 m - o .2 o IP, IPX,--+.\I .2 I NBF0-).'&4 --%` -- $b8b $ --&&tZ--%Tyy--&--.a 4--%Z <- .2 IP/.\3Q.2 3QWAN /O;<.u.2 uLAN2;<.'&t:--%4yy--&&[ t --% y` y--&&4 --%`x-- $b8b $vv--&-- .}  -- !q  @ Arialf b~wk~wWwf  -  .2  NT RAS<4<97.\-j) .2 j) Server7. /. .-'- - .9- - !-- .2 RASR<97.\j.2 jClient<.3.'- - .- - !%- 9.2 9ISPR77.\'& mP A--  $ } }   $     $     $     $     $    $ % % 1 3 3 3 / / 1 1 $ / 3 3 / $ / 3 3 / $ / 30 30 / $< /< 3L 3L / $X /X 3h 3h / $t /t 3 3 / $ / 3 3 / $ / 3 3 / $ / 3 3 / $ / 3 3 / $ / 3 3 / $ / 3, 3, /$ 8 /8 3@ 3B 3B 1B )> )> 1@ 1@ / $> B B >  $> B B >  $> B B >  $> B B >  $> B B >  $> B B >  $8 8 {( {(  $  { {  $  { {  $  { {  $  { {  $  { {  $  { {  $t t {d {d  $X X {H {H  $< < {, {,  $  { {  $  { {  $  { { -- &(8  - '-- 9-- .-  A.2 APPP ---.\'-- 91-- .>- Yd.2 YdIP-.\'-- 9-- r.- ,.2 ,PPTP--)-.\'-- 9-- ."- =A.2 =APPP---.\'--  -- -  .2 PPPP---.\'--  1-- >- Y4.2 Y4IP-.\'-- q1-- f>- Y.2 YIP-.\'&mHA--  $}} $ $ $ $ $  $ %%1333//11 $/33/ $/3 3 / $/3(3(/ $4/43D3D/ $P/P3`3`/ $l/l3|3|/ $/33/ $/33/ $/33/ $/33/ $/33/ $/3$3$/$ 0/0383:3:1:)6)61818/ $6:: 6  $6::6 $6::6 $6::6 $6::6 $6::6 $00{ {  ${{ ${{ ${{ ${{ ${{ ${x{x $ll{\{\ $PP{@{@ $44{${$ ${{ ${{ ${{-- &(0- '&4 3- -%` - - $b8b- $ .  -- &&4p- -%`x- - $bt8b $vvu-- &&rp - -% - - $tv $   u-- &-':~@$   &WordMicrosoft Word  <System    -@Times New Romank~wWw ( - <'--)--@ Arial qb~wk~wWw q -.2 <Client<.3.-'--)"--@@ Arial b~wk~wWw  - B .2 B <1.1.1%%%.\@ Arial b~wk~wWw  -D.2 D<.1%.'- - q- - e%- .2 <GatewayA..B.-.\-'- -   - -   -  .2  <Remote1<.J3...\-'-- 5d--S- U.2 U<Network0%/%".\'--55--S- U.2 U<Gateway4%%/%!.\@ ArialI Ab~wk~wWwI A - '--a 5--& S- U .2 U  <Interface%%%"%.\- '-- % R-- &* - -%$ - -&-- d--$- &.2 &<2.2.2%%%.\&j.2 &j<.*.'--5--$-  '--a --& $- &w. 2 &w<B*-.\- '--? d--!- .2 <1.1.1%%%.\j.2 j<.*.'--C5--%-  '--Ca --%& - w. 2 w<A*-.\- '&* )- -%#$ #- -&&--  $-- &&v+ --  $  -- &&- -%- -&&PY- -%TT- -&&- -%- -&&  - -%  - -&--"--F@T- Be.2 Be<1.1.1%%%.\-D.2 D<.2%.'--% "--@- B .2 B <2.2.2%%%.\-D.2 D<.2%.'-- " -- @ - B .2 B <2.2.2%%%.\-Dn .2 Dn <.1%.'--Tn--- . 2 <A1-.\'--n--t6- =. 2 =<A1-.\'--Sn--- . 2 <B1-.\'-- nk --  -  . 2  <A1-.\'-- 5h--S- U.2 U<Network0%/%".\'--95--S- U.2 U<Gateway4%%/%!.\- '--e5--*S- U.2 U <Interface%%%"%.\- '-- )R-- &.- -%(- -&-- h--$- &.2 &<2.2.2%%%.\&n.2 &n<.*.'--9--$- &.2 &<1.1.1.2%%%%.\- '--e--*$- &{. 2 &{<A.-.\- '--? h--!- .2 <1.1.1.%%%.\n.2 n<.*.'--C9--%-  '--Ce--%*- {. 2 {<A*-.\- '&.)- -%#(#- -&-- 5` -- S - U .2 U <Network0%/%".\'--1 5 -- S - U .2 U <Gateway4%%/%!.\- '--] 5 --" S - U .2 U <Interface%%%"%.\- '-- ! R -- & & - -% - -&-- ` -- $ - & .2 & <1.1.1%%%.\&f .2 &f <.*.'--1  -- $ - & .2 & <2.2.2.2%%%%.\- '--]  --" $ - &s . 2 &s <A.-.\- '--? ` --! -  .2 <2.2.2.%%%.\f .2 f <.*.'--C1 --% -  '--C] --%" - s . 2 s <A*-.\- '& & )- -% # #- -&-0:~@$, H B&WordMicrosoft Word  <System    -@Times New Romank~wWw ( - <'--)n--{@ Arial qb~wk~wWw q -.2 <Client<.3.-'--)--m@ Arial b~wk~wWw  -  .2  <1.1.1t%%%.\@ Arial b~wk~wWw  -.2 <.1%.'- - qn- - e{%- .2 <GatewayA..B.-.\-'- -  n - -  { -  .2  <Remote1<.J3...\-'-- Nd--l- n.2 n<Network0%/%".\'--5N--l- n.2 n<Gateway4%%/%!.\@ ArialI Ab~wk~wWwI A - '--a N--& l- n .2 n  <Interface%%%"%.\- '-- % k-- &* - -%$ - -&--5--=-  '--a --& =- '--X d--:- .2 <1.1.1%%%.\j.2 j<.*.'--\5-->-  '--\a -->& - w. 2 w<A.-.\- '&7* B- -%<$ <- -&&DY--  $EXXE-- &&vD+ Y--  $EX X E-- &&S- -%N- -&&PYS- -%TTN- -&&S- -%N- -&&  S- -%  N- -&----mFT- e.2 e<1.1.1%%%.\-.2 <.2%.'--% --m-  .2  <2.2.2%%%.\-.2 <.2%.'--  --m  -  .2  <2.2.2%%%.\-n .2 n <.1%.'--T"--}@- B. 2 B<A.-.\'--"--}t@6- B=. 2 B=<A1-.\'--S"--}@- B. 2 B<B.-.\'-- "k --} @ - B . 2 B <A1-.\'-- Nh--l- n.2 n<Network0%/%".\'--9N--l- n.2 n<Gateway4%%/%!.\- '--eN--*l- n.2 n <Interface%%%"%.\- '-- )k-- &.- -%(- -&-- h--=- ?.2 ?<2.2.2%%%.\?n.2 ?n<.*.'--9--=-  '--e--*=- ?{. 2 ?{<B.-.\- '--X h--:- .2 <1.1.1%%%.\n.2 n<.*.'--\9-->-  '--\e-->*- {. 2 {<A.-.\- '&7.B- -%<(<- -&-- N` -- l - n .2 n <Network0%/%".\'--1 N -- l - n .2 n <Gateway4%%/%!.\- '--] N --" l - n .2 n <Interface%%%"%.\- '-- ! k -- & & - -% - -&-- ` -- = - '--1  -- = -  '--]  --" = -  '--X ` --: -  .2 <2.2.2.*%%%.\'--\1 --> -  '--\] -->" - s . 2 s <A-.\- '& 7& B- -% < <- -&&Oy-- B$nnDD;;=@;;nNnNMMKHD-- &--)---  .2  <2.2.2%%%.\-.2 <.4%.'----FT- e.2 e<2.2.2%%%.\-.2 <.3%.'--(--dY@ Arial b~wk~wWw -  d. 2 d<Xo.\'-- k--l- .2  <PPTP Filter//4/.%.\'--TS--q- s. 2 s<B-.\'--S--`q#- s*. 2 s*<B-.\'--:--mX?- Z.2 Z<Host0%".\'--:/--Xk- Z~.2 Z~ <Interfacee%%%"%.\- '-- W?-- &:- -%?- -&-- --m)?- '-- /--)k- '--D--&m?- n.2 n<2.2.2.4%%%%.\'--H/--*k- . 2 <A.-.\- '&:#.- -%?((- -&--?--q]{- .2  <Proxy Table/*)(4%*%.\'-x%:~@ $  &WordMicrosoft Word  <System    -@Times New Romank~wWw( - <'--E--9@ Arial Gb~wk~wWw G -.2 <Client<.3.-'--E>-- \@ Arialq b~wk~wWwq - ^).2 ^)<1.1.1%%%.\@ Arialt b~wk~wWwt  -`.2 `<.1%.'- -  | - -   -  .2  <Remote1<.J3...\-'--.8--Lt- N.2 N<Network0%/%".\'-- *d--H- J.2 J<Gateway4%%/%!.\@ Arial b~wk~wWw - '--5*--H- J.2 J <Interface%%%"%.\- '-- tGt-- &o- -%t- -&-- d--y- .2 <1.1.1.2Y%%%%.\'--5--y- K. 2 K<A.-.\'--48--t- .2 <1.1.1.%%%.\>.2 ><.*.'--8 d---  '--85--- K. 2 K<A*-.\- '&o- -%t- -&&NO--  $XXDD-- &&  --  $    -- &&z7- -%~2- -&&  - -%  - -&-- >l -- \ - ^ .2 ^ <3.3.3%%%.\-`N .2 `N <.1%.'--p--4- . 2 <A1-.\'-- K --  -  . 2  <A1-.\'--#--Z,- H.2 H<Network0%/%".\'--&--X- k.2 k<Gateway4%%/%!.\- '--&H--- .2  <Interface%%%"%.\- '-- ,-- &' - -%,- -&--[--Zy,- {a.2 {a<1.1.1%%%.\{.2 {<.*.'--[--yX-  '--[H--y-  |. 2 |<A*7.\'----vZ,- a.2 a<2.2.2%%%.\.2 <.*.'----zX-  '--H--z- . 2 <B*-.\- '&'s~- -%,xx- -&--Tc--Y@ Arial) b~wk~wWw) -  . 2 <Xno.\'--O--m- q.2 q <PPTP Filter//4/.%.\'- -  R4- - r _A- .2 <GatewayYA..B.-.\-'&- -%- -&&N( =--  $ < )X)X<-- &&.- -%2- -&&- -%- -&-->--\- ^.2 ^<1.1.1%%%.\-`v.2 `v<.2%.'--<--- .2 <2.2.2%%%.\-v.2 v<.2%.'--o p--Q - .2 <2.2.2%%%.\-R .2 R <.1%.'- - .- - ! - B3.2 B3<Router1Y<33. ..\-'--.(s--- . 2 <Ao-.\'--_(s--A- . 2 <Bo-.\'& z - -% ~ - -&--A > -- \ - ^% .2 ^% <3.3.3%%%.\-` .2 ` <.2%.'--8--rt- .2 <default3..3.\'-.:~@5%$  B&WordMicrosoft Word  <System    -@Times New Romank~wWw( - <'--E--9@ Arial Gb~wk~wWw G -.2 <Client<.3.-'--E-- @ Arialq b~wk~wWwq - ).2 )<1.1.1%%%.\@ Arialt b~wk~wWwt  -.2 <.1%.'- -  | - -   -  .2  <Remote1<.J3...\-'--z8--\t- .2 <Network0%/%".\'--z d--\- .2 <Gateway4%%/%!.\@ Arial b~wk~wWw - '--z5--\- .2  <Interface%%%"%.\- '-- t-- &oU`- -%tZZ- -&--K d---- .2 <3.3.3.3%%%%.\'--K5---- K. 2 K<B.-.\'--P8--nt- p.2 p<1.1.1.%%%.\p>.2 p><.*.'-- Pd--n-  '--5P--n- pK. 2 pK<A*-.\- '&o- -%t- -&&N`Ou--  $XaXtDtDa-- && ` u--  $ a t t a-- &&.- -%2- -&&  o- -%  j- -&-- l --  -  .2  <3.3.3%%%.\-N .2 N <.1%.'--p>--4\- ^. 2 ^<A1-.\'-- >K -- \ - ^ . 2 ^ <A1-.\'-->--Z\,- ^H.2 ^H<Network0%/%".\'-->--\X- ^k.2 ^k<Gateway4%%/%!.\- '-->H--\- ^.2 ^ <Interface%%%"%.\- '-- [,-- &'- -%,- -&----Z-,- /a.2 /a<1.1.1%%%.\/.2 /<.*.'-----X-  '--H----  0. 2 0<A*7.\'--H--*Z,- a.2 a<2.2.2%%%.\.2 <.*.'--L--.X-  '--LH--.- . 2 <B*-.\- '&''2- -%,,,- -&-- --:%- >2.2 >2 <PPTP Filter//4/.%.\'&o- -%j- -&&N --  $  XX-- &&- -%- -&&o- -%j- -&----- .2 <1.1.1%%%.\-v.2 v<.2%.'--;--Y- [.2 [<2.2.2%%%.\-]v.2 ]v<.2%.'--# np-- - .2 <2.2.2%%%.\-R .2 R <.1%.'- - - - - 3.2 3<Router1<33. ..\-'--(is--- . 2 <Ao-.\'--(s--- . 2 <Bo-.\'& . o- -% 2 j- -&--A  --  - % .2 % <3.3.3%%%.\- .2  <.2%.'--E8--&t- .2 <default3..3.\'&Hk -- B$""RR[[Y!V\` \` RW RW VY Y\ [W RW j j Ri Ri Ng Kd I` IIIIKNRR-- &--_qn--A6Y@ Arial) b~wk~wWw) -  . 2 <Xo.\'- - 3 4- - & A- H.2 H<GatewayA..B.-.\-'--3 R--- . 2 <Aa-.\'--d  --F| ? -  E . 2 E <Ca0.\'--3l  --0  -  . 2  <Ba-.\'--C 4--%b p- .2 <3.3.3a%%%.\- .2  <.3%.'--E-- 0- 2).2 2)<3.3.3%%%.\-4.2 4<.4%.'--po--4- . 2 <B4-.\'-- d--,- ..2 .<1.1.1.2%%%%.\'--5--,- .K. 2 .K<A.-.\'&o&1- -%t++- -&--8--&t- (.2 (<2.2.2.1%%%%.\'-  G!""(%,.518"gkPW&,T[=C08duD]VuD/UVJUU\deu!{!" "N"W"y""""##;#B#####u$|$$%+%&&((/// uuDuDpVuD#Gp~9:L!#C6 S } 0 > !/./$  4h$MN1ABdfg ^!_!""""" #&  4h? !!$ #$$%%@'A'v(w(x(((())?,@,-- .!...//~/////////!!K@Normala 4@4 Heading 10< U]ck2@2 Heading 20< UV]c.@. Heading 3p0<Uc0@0 Heading 4@ 0<UVc,@, Heading 50<]c.@. Heading 60<V]c*@* Heading 70<],@, Heading 80<V]. @. Heading 9 P0<V]c"A@"Default Paragraph Font>@Title]cO Hyperlink^bO Plain Text] @" Header !,O, Figure title Vc @B Footer !)@Q Page Number,/d  #/,V _Toc375132553 _Toc375132556 _Toc375132557 _Toc375132559 _Toc375132560 _Toc375132561#60 ! ,GBR= . ,@CTimes New Roman Symbol "Arial1Courier New"h$f$ffr$N5    Microsoft Corporationbjohnson  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FG\EnWordDocumentCompObjjSummaryInformation(  FMicrosoft Word Document MSWordDocWord.Document.69qOh+'0   H T ` lx  Microsoft Corporation  Normal bjohnson51Microsoft Word for Windows 95i@DocumentSummaryInformation8   FMicrosoft Word Document MSWordDocWord.Document.89qxMSFTN  @z:@dOEn@dOEnr$՜.+,0@HX` hp xMSFTN