How To. Configure Microsoft Windows XP ** Virtual Private Network (VPN) client interoperability without NAT-T support.




Introduction

This document describes how to provide secure remote access through IP security (IPSec) Virtual Private Networks (VPN). This VPN solution is suitable for any business deployment and provides your office with secure Internet access and firewall protection, plus remote encrypted VPN access for your travelling staff.

Consider the following typical scenario: You are the manager of a small business and you have purchased the AR450S for your small office premises. You have five PCs networked together with a server in your office. You intend to use your AR450S as your Internet gateway and for it to provide firewall protection. You also have a team of five sales people who travel widely around the globe. You would like these staff members to have secure (encrypted) remote access through the Internet to the servers in your office, allowing them to access files, the private Intranet and business email.

The travelling staff members will get secure remote access from any hotel or location with Internet access through the use of IPSec VPN. Each staff member has a laptop or other portable device with Windows XP or Windows 2000 installed. This document describes how to configure the Windows system to use IPSec VPN to connect your travelling staff's laptops to your AR450S router. When your travelling staff want to connect to the office they simply use the VPN icon on their desktop to initiate the IPSec VPN connection.

[Network diagram: a small office with an AR450 gateway on a public Internet address and the office PCs, reached over the public Internet (2 Mb pipe) by mobile workers, remote teleworkers and hotel clients ("road warriors") on dial-up modem or DSL, each running Windows XP Professional or Home Edition. Gateway series: AR300, AR400, AR700, Rapier 24 or 24i.]

**Windows is a registered trademark of Microsoft Corporation in the United States and other countries.

Solution Requirements

The AR450S is the recommended security product for configuring as a VPN gateway as it enjoys the best encryption throughput. The following products can also be configured as VPN gateways, but will not produce the same performance. These products depend on either the Encryption Mini Accelerator Card (EMAC) or the Encryption PCI Accelerator Card (EPAC) to perform encryption:

The AR300 series router family.
The AR700 series router family.
The Rapier 24 and Rapier 24i switches.

While the Rapier switches mentioned above can be configured as VPN gateways, this is usually not a recommended practice. Doing so means you will lose wire-speed switching of data, because all traffic needs to be inspected by the Firewall and IPSec modules at CPU processing speed.

On all products, feature licences are required if you want to access Triple Data Encryption Standard (3DES) or Advanced Encryption Standard (AES) encryption. Single DES is available by default on purchase of the encryption card. 3DES and AES are strategic export encryption products and you will need to apply to your local Allied Telesyn Office or Distributor before purchasing the feature licences. An encryption card is not necessary on the AR450S as it is built into the product.

The configuration will not work through Network Address Translation (NAT) gateways.

If you wish to configure a Microsoft Windows 2000 VPN call, refer to the How To Configure Microsoft Windows 2000 Virtual Private Network (VPN) Client Interoperability document at http://www.alliedtelesyn.co.nz/support/support.html.

Configure Microsoft Windows XP VPN client interop without NAT-T support 2

Hardware and Software Versions Used During the Setup

The following hardware and software was used to prepare this configuration example:

The AR450S (or you could use any of the other products mentioned above).
Software release 2.6.1-01 (you are able to use any release since 2.3.1).
Appropriate 3DES and/or AES licence for the Allied Telesyn Layer 3 products. AES is only available on the AR450S at the time of publication.
PC running Microsoft Windows XP Professional or Home Edition, Service Pack 1a.

Security issue

Since this Windows VPN solution is usually used to allow remote access from portable PCs and laptops into corporate networks, a common security concern is what happens if the remote laptop or PC is stolen or falls into unauthorised hands. This is particularly a concern because the VPN connection is enabled through the standard dial-up networking window, which allows user names and passwords to be saved. The solution to this security concern is to disable the standard behaviour that allows passwords to be saved. VPN users will then have to enter their password each time they connect. If you would like to implement this security measure, refer to Microsoft Knowledge Base article 172430 by following this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;172430. This solution works on both Windows 2000 and Windows XP.

Configuring the VPN Client

You will need the Public IP address of your router from your Internet Service Provider (ISP) before starting this configuration.

Creating a VPN tunnel from the PC host to the Allied Telesyn VPN Gateway router

1. On your desktop, click Start > Control Panel. Make sure you are in Category View, as shown in Figure 1. If your computer is in Classic View, click Switch to Category View in the Control Panel menu on the left of your screen.

Figure 1: Example output showing Category View.

2. Click Network and Internet Connections > Create a connection to the network at your workplace.

This starts up the New Connection Wizard.

3. Select Virtual Private Network Connection as shown in Figure 2.

Figure 2: Example output showing connection creation options.

4. Click Next.

5. Type in a name for the connection (e.g. VPN Connection To Head Office) as shown in Figure 3.

Figure 3: Example output showing connection name.

6. Click Next.

If you have a modem installed, you will see the screen shown in Figure 4a. Here you may assign an associated dialled call or select Do not dial the initial connection. If you choose the latter, you will need to manually connect the modem or have LAN access available before initiating this VPN call. Go to Step 7. If you do not have a modem installed you will see Figure 4b. Go to Step 8.

Figure 4: Example output showing dialling initial connection options. Figure 4a - with modem installed. Figure 4b - without modem installed.

7. If you have a modem installed, and you see Figure 4a, select Do not dial the initial connection, and click Next.

8. Enter the name or IP address of your Allied Telesyn router. This will be your Public Internet address, which your ISP will have allocated to you.

9. Click Next.

You have now completed creating the connection as shown in Figure 5.

10. Check the Add a shortcut to this connection to my desktop checkbox.

Figure 5: Example output from the final window of the New Connection Wizard.

11. Click Finish.

12. Close or minimise the Network and Internet Connections window.

Connect to the Head Office

The pre-shared key used in this procedure (Step 9) needs to be the same ISAKMP pre-shared key as defined on your Allied Telesyn router in the ENCO definitions. Refer to AR450S Configuration on page 11.

1. Double-click the new Head Office icon on your desktop.

2. Enter your user name and password as shown in Figure 6 on page 8. Your user name and password will be the same as is configured in your router's user database or on your RADIUS server.

Figure 6: Example output showing connecting to Head Office.

3. Click in the Save this user name and password for the following users check box.

4. Select Me only.

5. Click Properties. This opens the Head Office Properties window as shown in Figure 7.

6. Click the Security tab as shown in Figure 7.

Figure 7: Example output showing the Head Office Properties Security tab.

7. Click the IPSec Settings button. This opens the IPSec Settings window as shown in Figure 8.

Figure 8: Example output showing the IPSec Settings window.

8. Click in the Use pre-shared key for authentication check box.

9. Enter your pre-shared key. The pre-shared key needs to be the same ISAKMP pre-shared key as defined on your Allied Telesyn router in the ENCO definitions. Refer to AR450S Configuration on page 11.

10. Click OK. You are now back at the Head Office Properties window as shown in Figure 9.

11. Click the Networking tab.

Figure 9: Example output showing the Head Office Properties Networking tab.

12. In the Type of VPN drop-down box, select L2TP IPSec VPN.

13. Click OK.

You have now completed configuring the L2TP client.

14. Click Connect. The connection will fail if the router has not been configured.

Configuring the AR450S

This configuration is a script file for running IPSec encapsulating L2TP, on a Head Office AR450S configured to support IPSec remote PC clients. You will need to personalise IP addresses, passwords etc. for your network. This is indicated by text within < >.

Before loading the configuration, you will need to create a security user, enable system security, log in as the security user and then create a general ENCO key for use with ISAKMP, all done from the command line prompt. These steps are outlined below. Then you may load the script using ZMODEM or TFTP methods, or use the router's built-in editor.

1. Define a security officer. This step must be completed on both the head office and remote office router.

add user=secoff password=<your password> priv=securityofficer
enable system security
login secoff

2. Generate a random key at the head office router.

create enco key=1 type=general value=<enter your own alphanumeric string>

Note the value of the string you have entered so that you can load it on the PC clients. This shared key will be used to encrypt ISAKMP negotiation.

3. Enter the configuration.

AR450S Configuration

The following commands need to be in your configuration file or entered at the command line and saved using the command:

create conf=vpn.cfg

After you have created the file, set your router configuration to refer to this configuration at boot time using the command:

set conf=vpn.cfg

You will need to personalise IP addresses, passwords etc. for your network. This is indicated by text within < >. Make sure you have a user with SECURITY OFFICER privileges defined on the Allied Telesyn router, with system security enabled. This ensures that the encryption key will not be lost after a reboot.

The configuration starts here and ends on page 14. Comments are indicated in the script below using the # symbol.

set system name="ipsec Gateway"

# The command below sets the Security Officer inactive timeout delay. The default is 60 seconds. During setup you may decide to use 600 seconds.
set user securedelay=600

# The incoming L2TP calls will be CHAP authenticated. They may be authenticated against the router's user database as configured below, or against a RADIUS server if configured.
add user=dialin1 pass=friend1 login=no
add user=dialin2 pass=friend2 login=no
add user=dialin3 pass=friend3 login=no
add user=dialin4 pass=friend4 login=no
add user=secoff pass=<your password> priv=securityofficer login=yes
set user=secoff description="Security Officer Account"
del user=manager

# If RADIUS server support is needed, use a line such as this:
add radius server=<your RADIUS server address> secret=7tf8fs76g98f6

# All dynamic incoming L2TP calls will associate with this PPP template as indicated below.
create ppp template=1 bap=off ippool="ip" authentication=chap echo=10 lqr=off

# To cater for dynamic creation of incoming L2TP calls enter the following commands.
enable l2tp
enable l2tp server=both
# The IP address range allows for any valid Internet address.
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1

enable ip
add ip int=vlan1 ip=<office private LAN address>
add ip int=eth0 ip=<office Internet address> mask=<appropriate mask>

# The default route to the Internet.
add ip route=0.0.0.0 mask=0.0.0.0 int=eth0 next=<your Internet gateway or ISP next-hop address>

# The IP pool addresses are the internal address ranges you want to allocate to your IPSec remote PC clients (e.g. ip=192.168.8.1-192.168.8.254).
create ip pool=ip ip=x.x.x.x-x.x.x.x

# Firewall
enable fire
create fire poli=main
create fire poli=main dy=dynamic
add fire poli=main dy=dynamic user=any
add fire poli=main int=vlan1 type=private
# Dynamic private interfaces are accepted from L2TP, which are from IPSec only.
add fire poli=main int=dyn-dynamic type=private
add fire poli=main int=eth0 type=public

# The firewall allows for internally generated access to the Internet through this NAT definition.
add fire poli=main nat=enhanced int=vlan1 gblint=eth0
# This NAT definition allows Internet access for remote VPN users by providing address translation.
add fire poli=main nat=enhanced int=dyn-dynamic gblint=eth0

add fire poli=main rule=1 int=eth0 action=allow prot=udp ip=<office Internet address> port=500 gblip=<office Internet address> gblpo=500
# Rule 2 becomes the L2TP tunnel allow rule. Additional security is provided by only allowing traffic from IPSec tunnels.
add fire poli=main rule=2 int=eth0 action=allow prot=udp ip=<office Internet address> port=1701 gblip=<office Internet address> gblpo=1701 encap=ipsec

create ipsec sas=1 key=isakmp prot=esp encalg=3desouter hashalg=sha mode=transport
create ipsec sas=2 key=isakmp prot=esp encalg=3desouter hashalg=md5 mode=transport
create ipsec sas=3 key=isakmp prot=esp encalg=des hashalg=sha mode=transport
create ipsec sas=4 key=isakmp prot=esp encalg=des hashalg=md5 mode=transport
# The ORDER of proposals is important. You should propose the strongest encryption first.
create ipsec bundle=1 key=isakmp string="1 or 2 or 3 or 4"

create ipsec policy=isakmp int=eth0 action=permit lport=500 rport=500

# This is a generic IPSec policy that multiple IPSec remote PC clients can connect through.
create ipsec policy=to_hq int=eth0 action=ipsec key=isakmp bundle=1 peer=any isa=keys
set ipsec policy=to_hq transport=udp rport=1701
# The following policy allows for internally generated Internet access.
create ipsec policy=internet int=eth0 act=permit
enable ipsec

create isakmp policy=keys peer=any key=1
set isakmp policy=keys sendd=true
enable isakmp

Don't forget to create and save the config:

create conf=vpn.cfg
set conf=vpn.cfg

This is the end of the configuration.

Support Limits

Your Allied Telesyn AR450S VPN router can support a total of up to 21 Mbps from your office servers to your Microsoft Windows IPSec Clients, or 31 Mbps from your Microsoft Windows IPSec Clients to your office servers. These figures were measured using the router configuration supplied, utilising L2TP inside IPSec with both an encryption and authentication SA, and with firewall protection.

In making design decisions for your IPSec VPN network, please be aware that your actual tunnel throughput and the number of tunnels you can support is affected by your Internet connection speed at both the VPN Client and the VPN router, and also by Internet congestion. Available throughput on any one tunnel is also affected by the current loading on other active VPN tunnels.

VPN Testing, Verification and Troubleshooting

If your VPN tunnel is not successful, the following troubleshooting notes will help establish the cause of the problem. If needed, you may contact your Allied Telesyn distributor or reseller, or your local Allied Telesyn support desk for assistance.

Testing an IPSec tunnel on your router

This first section looks at troubleshooting your router.

Before starting the verification commands below, recheck your router configuration using the command sh conf dyn. The IP local address is best left at its default. If IP local is set to an address other than the default, this may invalidate ISAKMP negotiation.

It is good practice to confirm that traffic is being encrypted. A good initial check is to observe the ISAKMP negotiation entries in the system log using the command sh log. There will be several phases of negotiation, and they should indicate successful completion. If you can see no negotiation entries in the log, or if you only see an initial start and no completed phases, then this suggests a configuration error, or no ISAKMP negotiation received from the peer. Checking with the command sh fire event will allow you to see what traffic has been received from the peer, and whether it has been allowed by the firewall. You may also confirm ISAKMP and IPSec progress with the sh isakmp sa and sh ipsec sa commands.

Confirmation that traffic is actually being encrypted is best seen by using a counter command such as sh ipsec poli=to_hq count. Every time you send a set of 4 pings, the outprocessdone counters (in the Outbound Packet Processing Counters section) should increment by 4. Also, the echo reply traffic should cause the inprocessdone counters (in the Inbound Packet Processing Counters section) to increment by 4.

It is important that the IPSec policies are configured in the correct order. If you have a permit IPSec policy with open policy address selectors (intended to allow unencrypted Internet access), then this policy must be configured last, after the action=ipsec policies. Otherwise this permit policy will process all traffic and no traffic will be encrypted. The order of the IPSec policies can be checked with the sh ipsec poli command. In the output of this command, each policy is assigned a position number.
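The policy-ordering rule above, the "strongest proposal first" note in the script and the encap=ipsec restriction on the L2TP firewall rule can all be checked mechanically before a script is loaded. The following Python linter is an added example, not Allied Telesyn code: it understands only the command shapes used in this document's script, accepts AlliedWare-style abbreviated parameters (act=, poli=) by unique prefix, and runs over two constructed samples (203.0.113.1 is a constructed address) to flag an open permit policy placed before the action=ipsec policy, a bundle proposing DES before 3DES, and a udp/1701 rule without encap=ipsec.

```python
"""Lint an AlliedWare-style L2TP-over-IPSec script for the pitfalls this
how-to calls out.  Added example, not an Allied Telesyn tool: it only knows
the command shapes used in the script above."""
import re
import shlex

# Relative strength of the encryption algorithms (assumption: only the two used above).
ENC_STRENGTH = {"des": 1, "3desouter": 2}
# Parameters the checks need; an abbreviation is accepted when it is a unique prefix.
CANON = ["action", "policy", "sas", "bundle", "string", "encalg", "port",
         "encap", "rule", "lport", "rport", "laddress", "raddress", "transport"]
SELECTORS = {"lport", "rport", "laddress", "raddress", "transport"}

# Constructed sample with three deliberate faults: open permit policy before the
# ipsec policy, bundle proposing DES before 3DES, udp/1701 rule without encap=ipsec.
SAMPLE_BAD = """\
add fire poli=main rule=1 int=eth0 action=allow prot=udp ip=203.0.113.1 port=500 gblip=203.0.113.1 gblpo=500
add fire poli=main rule=2 int=eth0 action=allow prot=udp ip=203.0.113.1 port=1701 gblip=203.0.113.1 gblpo=1701
create ipsec sas=1 key=isakmp prot=esp encalg=3desouter hashalg=sha mode=transport
create ipsec sas=3 key=isakmp prot=esp encalg=des hashalg=sha mode=transport
create ipsec bundle=1 key=isakmp string="3 or 1"
create ipsec policy=isakmp int=eth0 action=permit lport=500 rport=500
create ipsec policy=internet int=eth0 act=permit
create ipsec policy=to_hq int=eth0 action=ipsec key=isakmp bundle=1 peer=any isa=keys
set ipsec policy=to_hq transport=udp rport=1701
"""
# The same lines in the order the page's script uses (constructed sample).
SAMPLE_GOOD = """\
add fire poli=main rule=1 int=eth0 action=allow prot=udp ip=203.0.113.1 port=500 gblip=203.0.113.1 gblpo=500
add fire poli=main rule=2 int=eth0 action=allow prot=udp ip=203.0.113.1 port=1701 gblip=203.0.113.1 gblpo=1701 encap=ipsec
create ipsec sas=1 key=isakmp prot=esp encalg=3desouter hashalg=sha mode=transport
create ipsec sas=3 key=isakmp prot=esp encalg=des hashalg=sha mode=transport
create ipsec bundle=1 key=isakmp string="1 or 3"
create ipsec policy=isakmp int=eth0 action=permit lport=500 rport=500
create ipsec policy=to_hq int=eth0 action=ipsec key=isakmp bundle=1 peer=any isa=keys
set ipsec policy=to_hq transport=udp rport=1701
create ipsec policy=internet int=eth0 act=permit
"""


def parse(line):
    """Split one command into its verb words and its key=value parameters."""
    words, params = [], {}
    for tok in shlex.split(line.split("#", 1)[0]):   # drop trailing comments
        if "=" in tok:
            key, val = tok.split("=", 1)
            full = [c for c in CANON if c.startswith(key.lower())]
            params[full[0] if len(full) == 1 else key.lower()] = val.lower()
        else:
            words.append(tok.lower())
    return words, params


def lint(script):
    """Return a list of findings; an empty list means every check passed."""
    sas_alg, rules, bundle = {}, {}, []      # sas id -> encalg, port -> rule, proposal ids
    policies = []                            # (name, action, has traffic selectors)
    for raw in script.splitlines():
        words, p = parse(raw)
        if words[:2] == ["create", "ipsec"] and "policy" in p:
            policies.append((p["policy"], p.get("action", ""), bool(SELECTORS.intersection(p))))
        elif words[:2] == ["create", "ipsec"] and "sas" in p:
            sas_alg[p["sas"]] = p.get("encalg", "")
        elif words[:2] == ["create", "ipsec"] and "bundle" in p:
            bundle = re.findall(r"\d+", p.get("string", ""))
        elif words[:2] == ["add", "fire"] and "rule" in p:
            rules[p.get("port", "")] = p
    findings = []
    # 1. An open permit policy matches everything, so it must follow every action=ipsec policy.
    last_ipsec = max((i for i, (_, a, _) in enumerate(policies) if a == "ipsec"), default=-1)
    for i, (name, action, selective) in enumerate(policies):
        if action == "permit" and not selective and i < last_ipsec:
            findings.append(f"policy {name}: open permit policy precedes an ipsec policy")
    # 2. Proposals in the bundle should be offered strongest first.
    strengths = [ENC_STRENGTH.get(sas_alg.get(n, ""), 0) for n in bundle]
    if strengths != sorted(strengths, reverse=True):
        order = " or ".join(bundle)
        findings.append(f"bundle '{order}': weaker proposal listed before a stronger one")
    # 3. ISAKMP must be reachable, and L2TP must only be accepted from inside an IPSec tunnel.
    if "500" not in rules:
        findings.append("no firewall rule allowing ISAKMP on udp/500")
    if rules.get("1701", {}).get("encap") != "ipsec":
        findings.append("udp/1701 rule lacks encap=ipsec: cleartext L2TP would be accepted")
    return findings
```

Running lint(SAMPLE_BAD) reports all three faults, while lint(SAMPLE_GOOD) returns an empty list.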

Troubleshooting an IPSec tunnel

If problems continue, then ISAKMP and IPSec debugging modes may be used. Turning on all debug modes is rather verbose, so we recommend basic ISAKMP debugging initially. Capture the following debugging:

ena isakmp debug=state

You can also use:

ena isakmp debug=trace

Attempt a connection from your IPSec remote PC client. To end your debugging trace use:

dis isakmp debug=all

If the basic ISAKMP debugging modes do not reveal a problem to you, then all debugging modes should be enabled and captured to a text file and sent to your support centre. Use the commands:

ena ipsec poli=to_hq debug=all
ena isakmp debug=all

Also capture sh log to show ISAKMP log entries (as mentioned above), and capture sh fire event and sh debug. Forward all this debugging to your local technical support for analysis. Your local support centre also has access to advanced support centres if necessary. (Allied Telesyn offers technical assistance in partnership with our authorised distributors and resellers. For technical assistance, please contact the authorised distributor or reseller in your area.) Please refer to http://www.alliedtelesyn.co.nz/support/support.html for a list of Allied Telesyn's authorised distributors and resellers.

Testing an IPSec tunnel on your PC

If you wish to check your connection, right-click your connection icon (e.g. Virtual Private Connection to Head Office) in the Network Connections folder, or on your desktop. This will display the window shown in Figure 10.

Figure 10: Example output from the VPN Connection to Head Office Status window.

1. Click Status.

2. Click the Details tab to check your connection information.

3. Click Close.

4. To close your connection, right-click your connection icon (e.g. Virtual Private Connection to Head Office) and click Disconnect, as shown in Figure 11.

Figure 11: Example output from disconnecting your connection.

2004 Allied Telesyn International Corp. All rights reserved. Information in this document is subject to change without notice. All company names, logos and product designs that are trademarks or registered trademarks are the property of their respective owners. www.alliedtelesyn.com C613-16003-00 REV B