Solved: Cisco 1921 w/HWIC-3g-CDMA to Concentrator 3005

sysadmin1407 · ‎03-30-2011

I have an interesting problem. I've configured a site to site VPN connection between these two devices.

I am using the CDMA card as the primary and only outside connection on the 1921.

What happens is that by default the cellular connection is offline. When traffic is generated internally from that network to the concentrator side of this scenario the cellular connection goes online and builds the tunnel, no problem. However, I cannot initiate the tunnel from the concentrator side. I think what i need is a way to force the cellular connection to always be on, and if it fails to come back online. Anybody have any ideas?

mavespig · ‎03-31-2011

Hi,

"dialer persistent" will start the cellular link as soon as the router is booted and it will keep the link up.

You cannot configure it directly under the cellular interface, you need to configure it on the dialer (dialer interface associated to the cellular interface)

Cheers

Marco

View solution in original post

mavespig · ‎03-31-2011

Hi,

"dialer persistent" will start the cellular link as soon as the router is booted and it will keep the link up.

You cannot configure it directly under the cellular interface, you need to configure it on the dialer (dialer interface associated to the cellular interface)

Cheers

Marco

sysadmin1407 · ‎03-31-2011

Hi Marco,

Thanks so much, that solved the issue of the interface. However, somehow the VPN tunnel has stopped initiating after this change. See the running configuration from the router below, maybe you can spot what i am missing.

Current configuration : 3977 bytes

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

hostname Crystal_Springs

boot-start-marker
boot-end-marker

no aaa new-model

no ipv6 cef
ip source-route
ip cef

multilink bundle-name authenticated

chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"

license udi pid CISCO1921/K9 sn FTX151203XH

redundancy

crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key vpnkey address 75.x.x.x
!
!
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
crypto map vpnset 10 ipsec-isakmp
set peer 75.x.x.x
set transform-set vpnset
match address 101

interface Loopback0
no ip address

interface GigabitEthernet0/0
ip address 172.16.5.1 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
interface Cellular0/0/0
ip unnumbered Dialer1
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer pool-member 1
dialer-group 1
async mode interactive
ppp chap hostname Cisco
ppp chap password 0 cisco
ppp ipcp dns request
!
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0 either
dialer string cdma
dialer persistent delay initial 2
dialer-group 1
ppp chap hostname cisco
ppp chap password 0 cisco
!
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit any
access-list 100 deny ip 172.16.5.0 0.0.0.255 129.3.2.0 0.0.0.255
access-list 100 deny ip 172.16.5.0 0.0.0.255 172.21.0.0 0.0.255.255
access-list 100 permit ip 172.16.5.0 0.0.0.255 any
access-list 101 permit ip 172.16.5.0 0.0.0.255 129.3.2.0 0.0.0.255
access-list 101 permit ip 172.16.5.0 0.0.0.255 172.21.0.0 0.0.255.255
dialer-list 1 protocol ip list 1
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 0/0/0
script dialer cdma
no exec
rxspeed 3100000
txspeed 1800000
line vty 0 4
login
!
scheduler allocate 20000 1000
end

mavespig · ‎04-04-2011

Hi, glad to see that it worked!

I don't have expertise in VPN, you may want to post a new thread under "Security -> VPN" area.

Cheers

Marco