Generating "interesting" traffic on Cisco cellular with IPSec?
I have a remote Cisco ISR (1000) that's using a public cellular APN to connect to an enterprise firewall via IPSec. The router is using IPSec for a majority of its connectivity; however, I've had to add a script to the ISR without IPSec to generate interesting traffic (pinging Google DNS) to initiate and keep the cellular alive. If I try to do this using the IPSec, then it seems the cellular doesn't see interesting traffic.
I've added all IPSec designated traffic to individual VRFs. The script is in the global routing table.
So I have three problems with this.
1. It would be good to find out how to generate traffic for the cellular using the IPSec.
2. I am fairly certain I am leaving the Cisco ISR vulnerable to attack by not using IPSec for the script.
3. If I attempt to add an ACL to the cellular, it applies not only to the global routing table, but all the VRFs as well.
The topology is:
Cisco ISR (IPSec) > LTE cellular interface > Public Internet > Enterprise firewall
What script do you have configured? Can you post the running configuration? Typically, you would use an IP SLA with a loopback interface to generate the interesting traffic:
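! Loopback used as the source of the probe traffic
interface Loopback 0
 ip address 184.108.40.206 255.255.255.255
!
! ICMP echo probe sourced from the loopback, scheduled to run indefinitely
ip sla 1
 icmp-echo 220.127.116.11 source-interface Loopback 0
ip sla schedule 1 start-time now life forever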
If you add the traffic between 18.104.22.168 and 22.214.171.124 to the access list that defines interesting traffic, or statically route the traffic through the tunnel in case you are using an SVTI, the traffic should, in theory, activate the cellular...
You don't need to generate traffic to keep your cellular interface alive. I went through the exact same issue and added the following command, "dialer idle-timeout 0 either", on the cellular interface, which sets the timeout to infinity.