Hi,

i using different ISP, Once doing clear ip route still use same ISP. can you advise how to config EEM script since i using ipsec vpn connect to my core router.i need to ensure when isp signal is low it will switch to another isp or when data reach limit it will switch to other ISP,

Below full config on my router.

Current configuration : 8021 bytes
!
! Last configuration change at 02:02:20 UTC Wed Jan 9 2019 by alif
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname shen
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
ethernet lmi ce
!

!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!NG
!
!
username alif privilege 15 secret 5 $1$jwex$B1BsDFQ3v5.9YpGpnbESl1
!
!
!
!
!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte sim data-profile 1 attach-profile 1 slot 1
lte failovertimer 5
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key keyless address 202.x.x.x
crypto isakmp nat keepalive 20
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set alif esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map myalif 10 ipsec-isakmp
set peer 202..x.x.x
set transform-set alif
match address alif
!
dlsw local-peer peer-id 30.0.0.110
dlsw remote-peer 0 tcp 30.2.2.251
dlsw remote-peer 0 tcp 30.2.2.250
dlsw remote-peer 0 tcp 10.123.1.2
dlsw remote-peer 0 tcp 30.2.2.253
dlsw remote-peer 0 tcp 20.2.1.138
dlsw remote-peer 0 tcp 30.2.2.254
dlsw remote-peer 0 tcp 20.2.1.147
dlsw remote-peer 0 tcp 20.2.1.145
dlsw remote-peer 0 tcp 30.1.1.2
dlsw remote-peer 0 tcp 30.1.1.3
dlsw remote-peer 0 tcp 10.125.1.2
dlsw bridge-group 1
!
!
!
!
!
interface Loopback0
ip address 30.0.0.110 255.255.255.255
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
no ip route-cache cef
load-interval 60
dialer in-band
dialer pool-member 2
async mode interactive
!
interface Cellular1
no ip address
encapsulation slip
no ip route-cache cef
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
description test-ip
duplex auto
speed auto
!
interface Serial0
description Direct
no ip address
encapsulation sdlc
no keepalive
nrzi-encoding
clock rate 9600
sdlc role primary
sdlc vmac 2000.0110.1000
sdlc address AB
sdlc xid AB 01403280
sdlc partner 4000.0000.0002 AB
sdlc dlsw AB
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip tcp adjust-mss 1452
!
interface Vlan2
description Device LAN
ip address 10.60.107.222 255.255.255.252
!
interface Dialer1
description << Dialer associated with Cellular Interface >>
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
dialer pool 2
dialer string lte
dialer watch-group 1
dialer-group 1
no cdp enable
crypto map myalif
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended alif
permit ip host 30.0.0.110 any
permit ip 10.60.0.0 0.0.0.255 any
permit ip host 10.17.19.249 any
permit ip 30.0.0.0 0.0.0.255 10.17.19.0 0.0.0.255
!
dialer watch-list 1 ip 1.1.1.1 255.255.255.255
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 10
dialer watch-list 1 delay disconnect 20
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default

Thanks

Hello,

based on your information, I have come up with the configuration below. Important parts are marked in bold:

Current configuration : 8021 bytes
!
! Last configuration change at 02:02:20 UTC Wed Jan 9 2019 by alif
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname shen
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
ethernet lmi ce
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!NG
!
username alif privilege 15 secret 5 $1$jwex$B1BsDFQ3v5.9YpGpnbESl1
!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte failovertimer 5
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
controller Cellular 1
lte sim data-profile 2 attach-profile 1 slot 1
lte failovertimer 5
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key keyless address 202.x.x.x
crypto isakmp nat keepalive 20
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set alif esp-3des esp-md5-hmac
mode tunnel
!
crypto map myalif 10 ipsec-isakmp
set peer 202..x.x.x
set transform-set alif
match address alif
!
dlsw local-peer peer-id 30.0.0.110
dlsw remote-peer 0 tcp 30.2.2.251
dlsw remote-peer 0 tcp 30.2.2.250
dlsw remote-peer 0 tcp 10.123.1.2
dlsw remote-peer 0 tcp 30.2.2.253
dlsw remote-peer 0 tcp 20.2.1.138
dlsw remote-peer 0 tcp 30.2.2.254
dlsw remote-peer 0 tcp 20.2.1.147
dlsw remote-peer 0 tcp 20.2.1.145
dlsw remote-peer 0 tcp 30.1.1.2
dlsw remote-peer 0 tcp 30.1.1.3
dlsw remote-peer 0 tcp 10.125.1.2
dlsw bridge-group 1
!
interface Loopback0
ip address 30.0.0.110 255.255.255.255
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
no ip route-cache cef
load-interval 60
dialer in-band
dialer pool-member 1
async mode interactive
routing dynamic
!
interface Cellular1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer pool-member 2
async mode interactive
routing dynamic
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
description test-ip
duplex auto
speed auto
!
interface Serial0
description Direct
no ip address
encapsulation sdlc
no keepalive
nrzi-encoding
clock rate 9600
sdlc role primary
sdlc vmac 2000.0110.1000
sdlc address AB
sdlc xid AB 01403280
sdlc partner 4000.0000.0002 AB
sdlc dlsw AB
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nat inside
ip tcp adjust-mss 1452
!
interface Vlan2
description Device LAN
ip address 10.60.107.222 255.255.255.252
ip nat inside
!
interface Dialer1
description << Dialer associated with Cellular Interface 0 >>
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
dialer pool 2
dialer string lte
dialer-group 1
no cdp enable
crypto map myalif
!
interface Dialer2
description << Dialer associated with Cellular Interface 1>>
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
dialer pool 2
dialer string lte
dialer-group 1
no cdp enable
crypto map myalif
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip local policy-route-map TRACK_PRIMARY
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 254
!
ip nat inside source route-map NAT_TO_DIALER_1 interface Dialer1 overload
ip nat inside source route-map NAT_TO_DIALER_2 interface Dialer2 overload
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Dialer1
timeout 1000
frequency 2
!
ip sla schedule 1 life forever start-time now
!
ip access-list extended alif
permit ip host 30.0.0.110 any
permit ip 10.60.0.0 0.0.0.255 any
permit ip host 10.17.19.249 any
permit ip 30.0.0.0 0.0.0.255 10.17.19.0 0.0.0.255
!
access-list 101 permit icmp any host 8.8.8.8
!
access-list 102 deny ip host 30.0.0.110 any
access-list 102 deny ip 10.60.0.0 0.0.0.255 any
access-list 102 deny ip host 10.17.19.249 any
access-list 102 deny ip 30.0.0.0 0.0.0.255 10.17.19.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.127 any
access-list 102 permit 10.60.107.220 0.0.0.3 any

!

dialer-list 1 protocol ip permit
!
route-map TRACK_PRIMARY permit 10
match ip address 101
set interface Dialer1
!
route-map NAT_TO_DIALER_1 permit 10
match ip address 102
match interface Dialer1
!
route-map NAT_TO_DIALER_2 permit 10
match ip address 102
match interface Dialer2
!
event manager applet CLEAR_NAT
event track 1 state any
action 1.0 cli command “enable”
action 2.0 cli command “clear ip nat translation *”
action 3.0 cli command "clear ip route *"
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line 3
exec-timeout 0 0
script dialer lte
login
modem InOut

Hi Sir 

Many thanks for kind assistance

As now running config follow as per advise,im not sure event manager is working as i try to clear ip route still use same ISP.  i also having problem failed to ping my hub router(192.168.x.x) from laptop ip address (10.60.107.221). ipsec tunnel is up can ping hub router inside branch router(cisco819)

Below error command

shen(config)#controller cellular 1
^
% Invalid input detected at '^' marker.

shen(config)#controller cellular ?
<0-0> Controller unit number

shen(config)#controller cellular

current setting

controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte sim data-profile 2 attach-profile 2 slot 1
lte failovertimer 5
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6

-----------------------------------------

shen(config)#ip sla 1
shen(config-ip-sla)#icmp-echo 8.8.8.8 source-interface Dialer1
shen(config-ip-sla-echo)#timeout 1000
%Error: timeout is less than threshold 5000

shen(config-ip-sla-echo)#frequency 2000
shen(config-ip-sla-echo)#

current config 

ip sla 1
icmp-echo 8.8.8.8 source-interface Dialer1

shen(config-ip-sla-echo)#timeout 5000
frequency 2000
dialer-list 1 protocol ip permit

-------------------------------------

Current config

event manager applet CLEAR_NAT
event track 1 state any
action 1.0 cli command "enable"
action 2.0 cli command "clear ip nat translation translation"
action 3.0 cli command "clear ip route *"

------------------------------------------------

From Laptop ip 10.60.107.221

Tracing route to 192.168.14.X over a maximum of 30 hops

1 1 ms <1 ms <1 ms 10.60.107.222
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.