Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!

Generating "interesting" traffic on Cisco cellular with IPSec?

I have a remote Cisco ISR (1000) that's using a public cellular APN to connect to an enterprise firewall via IPSec. The router is using IPSec for a majority of its connectivity, however I've had to add a script to the ISR without IPSec to generate interesting traffic (pinging Google DNS) to initiate and keep the Cellular alive. If I try to do this using the IPSec, then it seems the cellular doesn't see interesting traffic.

I've added all IPSec designated traffic to individual VRFs. The script is in the global routing table.

So I have three problems with this.

  1. It would be good to find out how to generate traffic for the cellular using the IPSec

  2. I am fairly certain I am leaving the Cisco ISR vulnerable to attack by not using IPSec for the script

  3. If I attempt to add an ACL to the cellular, it applies not only to the global routing table, but all the VRFs as well

The topology is:

Cisco ISR (IPSec) > LTE cellular interface > Public Internet > Enterprise firewall

Georg Pauwen
VIP Expert



what script do you have configured ? Can you post the running configuration ? Typically, you would use an IP SLA with a loopback interface to generate the interesting traffic:


interface Loopback 0

ip address


ip sla 1

icmp-echo source-interface Loopback 0


ip sla schedule 1 start-time now life forever


If you add the traffic between and to the access list that defines interesting traffic, or statically route the traffic through the tunnel in case you are using an SVTI, the traffic should, in theory, activate the cellular...

You don't need to generate traffic  to keep your cellular interface alive. I went through the exact same issue and adding the following command "dialer idle-timeout 0 either" on the cellular interface which sets timeout to infinity.