12-14-2023 01:09 PM
We have one of our remote sites connecting back to us using a Cisco C8200L-1N-4T.
This router is in a remote location, and the only service we could find out there was cellular.
We have the Cellular interface connected; using "ip address negotiated".
We have 4 Tunnels configured on the box, and 3 of those tunnels pass traffic, but the 4th one, when it tries to pass traffic, will shut down the cellular interface for a period of a few seconds, which takes down the other 3 tunnels, and then once the cellular interface comes back up, connectivity is restored.
Has anyone ever witnessed this behavior before? What could cause something within the configuration of the one tunnel to shut down the interface when a ping is sent across it?
Thanks for any input!
KMNRUser
01-11-2024 07:51 AM
The hub router debug shows:
"*Jan 3 14:42:34.309: ISAKMP-ERROR: (1003):IPSec policy invalidated proposal with error 64
*Jan 3 14:42:34.310: ISAKMP-ERROR: (1003):phase 2 SA policy not acceptable! (local 123.123.234.46 remote 10.140.0.20)"
which is failing IPSEC phase2. The crypto map references a transform set (CommunityTS) that does not exist in the config. Phase 2 does not come up, the tunnel does not come up, so packets could be egressing the cellular0/2/0 interface with no tunnel header. There is no NAT configured on the cellular interface, which could lead to the IP source violation on the VZW network. There are services in the config that source packets from loopback0, and this could also lead to an IP address violation on the 1100 router.
crypto map S2S 20 ipsec-isakmp
 set peer 10.140.0.20
 set transform-set CommunityTS
 match address GREINIPSEC
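
Added example (not part of the original post and not Cisco tooling): a Python check for the fault described in the reply above, a crypto map entry that references a transform set missing from the config. It also flags "match address" ACL names that are not defined, which goes beyond the post; the sample config is constructed, and only the S2S 20 entry comes from the thread.

```python
import re

# Constructed sample config. Only the "crypto map S2S 20" entry is taken from
# the thread; every other line is assumed for illustration.
SAMPLE_CONFIG = """\
crypto ipsec transform-set OtherTS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto map S2S 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set OtherTS
 match address SITE_A
crypto map S2S 20 ipsec-isakmp
 set peer 10.140.0.20
 set transform-set CommunityTS
 match address GREINIPSEC
ip access-list extended SITE_A
 permit gre any any
ip access-list extended GREINIPSEC
 permit gre any any
"""

def audit_crypto_maps(config: str):
    """Return (map_name, seq, kind, missing_name) for each dangling reference."""
    transform_sets = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    acls = set(re.findall(r"^ip access-list (?:extended|standard) (\S+)", config, re.M))
    acls |= set(re.findall(r"^access-list (\d+) ", config, re.M))
    findings, entry = [], None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        if m:
            entry = (m.group(1), int(m.group(2)))
            continue
        if not line.startswith(" "):
            entry = None  # back at global level, no longer inside a crypto map
            continue
        if entry is None:
            continue
        words = line.split()
        if words[:2] == ["set", "transform-set"]:
            # An entry may list several transform sets in preference order.
            for name in words[2:]:
                if name not in transform_sets:
                    findings.append((*entry, "transform-set", name))
        elif words[:2] == ["match", "address"] and len(words) > 2 and words[2] not in acls:
            findings.append((*entry, "access-list", words[2]))
    return findings

if __name__ == "__main__":
    for name, seq, kind, missing in audit_crypto_maps(SAMPLE_CONFIG):
        print(f"crypto map {name} {seq}: {kind} '{missing}' is not defined")
```
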
01-11-2024 02:34 PM
Thanks Dan. You have identified and described the specifics of what I suggested in general could cause these symptoms. I hope that KMNRUser can correct this issue and let us know the result.