Connection to LTE on Cisco 819

navydivervet · ‎10-05-2018

Trying to reverse engineer installation. Customer intent was to use LTE circuit for internet and establish S2S vpn to corporate site. ISP installed Cisco 819 (see scrubbed config below). I see the Cell0 up, but unable to get Internet connectivity when connecting to router.

What's the best/proper device and method to connect to the 819? I have ISR 4331 (with no NIM for LTE), and an ASA 5500. Am I missing something more obvious?

***SCRUBBED CONFIG****

multilink bundle-name authenticated
!
chat-script LTE "" "AT!CALL1" TIMEOUT 20 "OK"
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Loopback1234
description ### NEMO Router Home Address b
ip address 1.2.3.4 255.255.255.255
!
interface Tunnel300
description DMNR tunnel template
no ip address
ip tcp adjust-mss 1390
!
interface Cellular0
ip address negotiated
no ip unreachables
ip flow monitor ipv4flow input
ip flow monitor ipv4flow output
ip mobile router-service roam
ip mobile router-service collocated ccoa-only
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer enable-timeout 6
dialer string LTE
dialer watch-group 1
async mode interactive
!
interface FastEthernet0
switchport access vlan 200
no ip address
!
interface FastEthernet1
switchport access vlan 200
no ip address
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan200
ip address 10.10.10.129 255.255.255.240
!
router mobile
!
ip ftp source-interface Cellular0
ip mobile secure home-agent 4.3.2.1 spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
ip mobile router
address 1.2.3.4 255.255.255.0
collocated single-tunnel
home-agent 4.3.2.1
template Tunnel333
register extend expire 10 retry 3 interval 5
reverse-tunnel
tunnel mode gre
!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
!
route-map DENY_PIP_SUBNETS deny 10
match tag 65000
!
route-map DENY_PIP_SUBNETS permit 20
!
route-map SET_TAG_65000 permit 10
set tag 65000
!
route-map clear-df permit 10
set ip df 0
!
line 3
script dialer LTE
modem InOut
no exec
rxspeed 100000000
txspeed 50000000
----------------------------------

#sho ip int br
Interface IP-Address OK? Method Status Protocol
Cellular0 222.222.222.202 YES IPCP up up
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset administratively down down
FastEthernet3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down
Loopback1234 1.2.3.4 YES TFTP up up
Mobile0 unassigned YES unset up up
Serial0 unassigned YES unset administratively down down
Tunnel333 unassigned YES unset up down
Vlan1 unassigned YES unset
10.10.10.129 YES TFTP down down

Georg Pauwen · ‎10-05-2018

Hello,

you are missing the NAT configuration. Add what is marked in bold and check if you get Internet connectivity:

multilink bundle-name authenticated
!
chat-script LTE "" "AT!CALL1" TIMEOUT 20 "OK"
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Loopback1234
description ### NEMO Router Home Address b
ip address 1.2.3.4 255.255.255.255
!
interface Tunnel300
description DMNR tunnel template
no ip address
ip tcp adjust-mss 1390
!
interface Cellular0
ip address negotiated
ip nat outside
no ip unreachables
ip flow monitor ipv4flow input
ip flow monitor ipv4flow output
ip mobile router-service roam
ip mobile router-service collocated ccoa-only
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer enable-timeout 6
dialer string LTE
--> no dialer watch-group 1

dialer-group 1
async mode interactive
!
interface FastEthernet0
switchport access vlan 200
no ip address
!
interface FastEthernet1
switchport access vlan 200
no ip address
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan200
ip address 10.10.10.129 255.255.255.240
ip nat inside
!
router mobile
!
ip nat inside source list 1 interface Cellular 0 overload
!
access-list 1 permit 10.10.10.128 0.0.0.15
!
ip ftp source-interface Cellular0
ip mobile secure home-agent 4.3.2.1 spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
ip mobile router
address 1.2.3.4 255.255.255.0
collocated single-tunnel
home-agent 4.3.2.1
template Tunnel333
register extend expire 10 retry 3 interval 5
reverse-tunnel
tunnel mode gre
!

dialer-list 1 protocol ip permit

!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
!
route-map DENY_PIP_SUBNETS deny 10
match tag 65000
!
route-map DENY_PIP_SUBNETS permit 20
!
route-map SET_TAG_65000 permit 10
set tag 65000
!
route-map clear-df permit 10
set ip df 0
!
line 3
script dialer LTE
modem InOut
no exec
rxspeed 100000000
txspeed 50000000

navydivervet · ‎10-05-2018

I'll give it a shot when I get on site. Really appreciate the help. Thanks!

navydivervet · ‎10-05-2018

Another question... What should this 819 Router be connected to, on customer's internal network? It's managed by the ISP and the customer does not have a Router with an LTE nim. Can I just connect it to an internet switch and/or ASA? I'd like to establish a S2S vpn, but they only provided a /32 public ip

Georg Pauwen · ‎10-05-2018

Hello,

are you saying you have no access to the 819 ? You typically hook up a switch to the router to provide access to your internal clients...