<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
}
o\:* {
BEHAVIOR: url(#default#VML)
}
w\:* {
BEHAVIOR: url(#default#VML)
}
.shape {
BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal
}
SPAN.EmailStyle18 {
COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
.MsoChpDefault {
FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>I cannot tell you how to configure the Linksys routers,
however openswan...</FONT></SPAN></DIV>doc/config.html in the openswan source
tarball, will explain the basics.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>man ipsec.conf (after openswan installed) will give you
more detail on various options.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>In short, I expect you'll have an ipsec.conf similar
too...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>ipsec.conf:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>version 2.0</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>config setup<BR>
interfaces=%defaultroute<BR>
uniqueids=yes</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2> </DIV></FONT></SPAN>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>include
/etc/ipsec.d/examples/no_oe.conf</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>conn
remote-site-1<BR> also=central-site #
you'll need a remote-site conn for each remote site.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN
class=278130519-10032008> <FONT
face=Arial color=#0000ff size=2>right=%any</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN
class=278130519-10032008> <FONT
face=Arial color=#0000ff size=2><A
href="mailto:rightid=@site1">rightid=@site1</A> # set this to uniquely
identify site, must match in linksys.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>
rightsubnet=192.168.0.0/16 # your remote lan.<BR><SPAN
class=278130519-10032008><FONT face=Arial color=#0000ff
size=2> also=linksys-policy<BR></FONT></SPAN>
auto=add # the remote end will start</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2>conn central-site</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2> left=1.2.3.4 #
your openswan.linux public internet ip.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2> #
leftnexthop=%defaultroute</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2> # <A
href="mailto:leftid=@1.2.3.4">leftid=@1.2.3.4</A> # defaults
to left ip, must match in
linksys.<BR> leftsubnet=10.0.0.0/8
# your internal lan at central site.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> leftsourceip=10.0.0.1 #
your openswan.linux private lan ip.<BR></DIV></FONT></SPAN><SPAN
class=278130519-10032008><FONT face=Arial color=#0000ff size=2></FONT></SPAN>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2>conn linksys-policy<BR> #
keyexchange=ike # I've shown the openswan defaults here in
comments<BR> #
aggrmode=no # So you know
what to set on linksys to match,
however<BR> #
auth=esp
# You may leave these lines out of your
ipsec.conf<BR> ike=3des-md5-modp1024 #
or aes-sha1-modp1024<BR>
esp=3des-md5 #
or aes-sha1<BR> #
pfs=yes
# perfect forward secrecy<BR>
compress=no<BR> #
ikelifetime=1.0h<BR> #
keylife=8.0h<BR> #
rekey=yes<BR> #
keyingtries=%forever<BR> #
dpddelay=30 #
d(ead)p(eer)d(etection) is off by default, set all
three<BR> #
dpdtimeout=120 # options to enable it, may or may not help with
lost<BR> #
dpdaction=clear # connections, internet outages,
etc...<BR>
authby=secret # note, linksys may only
allow preshared (text) keys,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> #
in which case you'll need to use the same key for</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> #
all dynamic ip sites and your ipsec.secrets file will</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> #
look like below. If it allows other options such as</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> #
RSA keys or X.509 certs than you may have</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff
size=2> #
different keys for different sites.</FONT></SPAN></DIV>
<DIV><SPAN class=278130519-10032008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=278130519-10032008><FONT face=Arial color=#0000ff
size=2>ipsec.secrets:</FONT></SPAN></DIV>
<DIV><SPAN class=278130519-10032008><FONT face=Arial color=#0000ff
size=2>1.2.3.4 : PSK "my secret key" # replace 1.2.3.4 with your servers static
internet ip.</FONT></SPAN><SPAN class=278130519-10032008></DIV>
<DIV dir=ltr align=left><FONT face=Arial><BR><FONT color=#0000ff
size=2></FONT></FONT></DIV></SPAN>
<DIV dir=ltr align=left><SPAN class=278130519-10032008><FONT face=Arial
color=#0000ff size=2> </DIV></FONT></SPAN>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Chris Thomas
[mailto:cthomas@harkinsbuilders.com] <BR><B>Sent:</B> March 10, 2008 3:01
PM<BR><B>To:</B> petermcgill@goco.net; users@openswan.org<BR><B>Subject:</B>
RE: [Openswan Users] Is this possible?<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">OK, great to hear that it’s
do-able then. <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">My central site has a static
IP. We’re actually running dual bonded T-1’s for internet.
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">The remote sites will not need
to connect to each other. Connecting only to HQ is perfectly fine.
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Is there anything special I
need to configure on the remote sites to have them initiate the connection or
does this just “happen”?<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">My company is running a Check
Point firewall, but the OpenSwan Linux box will be connected outside of it
(one interface will be plugged into “raw” internet and the other will be
plugged in to my LAN) so I will not need to perform an sort of NAT.
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">I am unfamiliar with
roadwarrior. I will have to do some looking around on that one.
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Is there a place anyone
recommends for some “how-tos” to assist me with all this stuff?
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">Thanks very much for your
assistance.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d">-Chris<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Monday, March 10, 2008 2:42
PM<BR><B>To:</B> Chris Thomas; users@openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Is this possible?<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">As
long as your central site has a static IP this is possible.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Note
however, that there are two things having a dynamic ip at the remote site
affects.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">1) The
dynamic sites cannot tunnel to each other directly, but must communicate
through</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">the
central site, because they will not know the ip's of the other
sites.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">(Note:
Since your using Linksys which probably only allows 1 or 2 tunnels, you'd
probably</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">need
to do this anyway regardless of static or dynamic ip's at the remote
sites.)</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">2) The
central site cannot initiate or reconnect to remote sites, the remote sites
must handle</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">the
connection initiations and reconnections because the central site won't know
which ip's</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">to
connect to.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">If
your looking for a cheap way to connect your sites, this is probably a good
solution.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Just
be aware of the above limitations, and get a good/unlimited internet account
at the</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">central
site, especially if you want the remote sites to talk to each other (through
the</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">central
site) as this will increase the load at the central site. If possible
avoid using,</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">nat-traversal
and connect the routers and Linux server directly to the internet
connection.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">This
will also save you some headaches getting things all working.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Use
roadwarrior configuration samples for your remote sites. Roadwarrior relating
to</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">changing
ip, rather than actual equipment movement, which may or may not
happen.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Peter
McGill</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; MARGIN: 5pt 0in 5pt 3.75pt; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p> </o:p></SPAN></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'">
<HR align=center width="100%" SIZE=2>
</SPAN></DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
users-bounces@openswan.org [mailto:users-bounces@openswan.org] <B>On Behalf
Of </B>Chris Thomas<BR><B>Sent:</B> March 10, 2008 11:50 AM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> [Openswan Users] Is this
possible?</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal>I would like to put a Linksys WRVS4400N at each of my
remote sites (I have about 10 or 20) and configure a Linux server running
OpenSwan at my Headquarters location to receive the VPN connections/tunnels
from each remote site. Each site has a dynamic IP address. Is it
possible to make this happen or do all remote sites need to have static
IP’s?<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Thanks in advance for the insight.<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P
class=MsoNormal>-Chris<o:p></o:p></P></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML>