Thank you George for replying. Here is the config minus crypto and tunnel sections:

chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
controller Cellular 0
 lte sim data-profile 3 attach-profile 1 slot 0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
track 10 ip sla 1 reachability
!
track 11 ip sla 2 reachability
!
interface Loopback1
 ip address 172.20.151.1 255.255.255.248
!
interface GigabitEthernet0
 ip address 192.10.1.1 255.255.255.240
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet1
 ip address 10.20.1.1 255.255.255.0
 ip accounting output-packets
 duplex auto
 speed auto
!
interface Cellular0
 ip address negotiated
 ip access-group 199 out
 ip accounting output-packets
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer-group 1
 no peer default ip address
 async mode interactive
 routing dynamic
!
dialer watch-list 1 ip 172.20.151.1 255.255.255.255
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
access-list 199 permit ip host 10.170.191.1 any
access-list 199 deny   ip any any log
!
line con 0
 stopbits 1
line 1 2
 stopbits 1
line 3
 script dialer lte
 no exec
 transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 transport input ssh
 transport output ssh
 speed 144000
line 8
 no exec
 transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 1/3 1/6
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 session-timeout 60  output
 access-class TerminalAccess in
 login local
 transport input ssh
!
no scheduler max-task-time

The modem's function was to connect over radio connect to GE 0, when reception was lost it would switch over to cellular. This did work for several years, and whenever radio reception was lost it would fail over to cellular, I would get notifications and would see traffic flowing through the cell, and no telemetry was lost.

Hello,

seeing only the partial config makes it hard tell if anything is missing. Can you post the full (show run) configuration ?

Sorry, here is the config:

CTU#sh run
Building configuration...



Current configuration : 9198 bytes
!
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CTU
!
boot-start-marker
boot system flash:/ir800-universalk9-mz.SPA.156-3.M2
boot-end-marker
!
!
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip domain name xxxxxxxxxxxx.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
crypto pki trustpoint TP-self-signed-422713650
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-422713650
 revocation-check none
 rsakeypair TP-self-signed-422713650
!
!
crypto pki certificate chain TP-self-signed-422713650
 certificate self-signed 01
  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34323237 31333635 30301E17 0D313730 38313831 36303834
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3432 32373133
  36353030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B5535184 2AF76562 91C013AE BE7D01E3 FE2D986B 4107C3BB 84287426 EC9873FE
  7C8F95B6 47655A5B 26272DBD BD86AFB6 C35B370F 149CB6D1 D29600E1 C50A7101
  DBE195A7 CBC5DF63 670C25F4 C372A874 5B36A202 A5603C8A 01B5DC15 1ADCD1D1
  B2100261 AF9D2C52 6F46D624 75140764 9DE738D7 4341F532 E8007557 7B39DF23
  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
  23041830 168014E5 75B361C9 E64C9BF5 42BEE6DA 88B6CD3B 6AD47930 1D060355
  1D0E0416 0414E575 B361C9E6 4C9BF542 BEE6DA88 B6CD3B6A D479300D 06092A86
  4886F70D 01010505 00038181 008E9F8B 305A2DB7 91298D5F BC7924E0 B3D33D3A
  065CD1F4 DF7A1E2B A12FB438 7FEC4BDB EEC73FEA E5071FF1 C3A3BA4B 1CEFA672
  57E769FD 00425E17 0A0C6418 89B130B0 D6F34C80 40E360E3 75E6724D 014CEC0C
  247DF69E 9ED78367 6DD1837C C8051BD0 F163C8C0 E246BC5C 1E4016C7 CE3C49F7
  B26A6FAB F01F7E6B DDAFBEC6 DB
        quit
license udi pid IR809G-LTE-VZ-K9 sn FCW2118003T
!
!
object-group network obj-10.XX.XX.0
 10.XX.XX.0 255.255.255.0
!
object-group network obj-10.20.1.0
 10.20.1.0 255.255.255.0
!
object-group network obj-172.31.20.0
 172.31.20.0 255.255.255.240
!
username YYYY privilege 15 password 7 YYYY
username XXXX privilege 15 password 7 XXXX
!
redundancy
!
!
!
!
!
controller Cellular 0
 lte sim data-profile 3 attach-profile 1 slot 0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
track 10 ip sla 1 reachability
!
track 11 ip sla 2 reachability
!
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 14
crypto isakmp key 22!M@ address 192.10.1.2
crypto isakmp key 22!M@ address 192.10.1.3
crypto isakmp key 22!M@ address 10.170.XX.2
crypto isakmp key 22!M@ address 10.170.XX.3
!
!
crypto ipsec transform-set T1 esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile IPSEC
 set transform-set T1
!
!
!
!
!
!
!
interface Loopback1
 ip address 172.20.151.1 255.255.255.248
!
interface Tunnel0
 ip address 172.10.1.1 255.255.255.248
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source 192.10.1.1
 tunnel mode ipsec ipv4
 tunnel destination 192.10.1.2
 tunnel protection ipsec profile IPSEC
!
interface Tunnel1
 ip address 172.20.1.1 255.255.255.248
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source 10.170.XX.1
 tunnel mode ipsec ipv4
 tunnel destination 10.170.XX.2
 tunnel protection ipsec profile IPSEC
!
interface Tunnel2
 ip address 172.30.1.1 255.255.255.248
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source 192.10.1.1
 tunnel mode ipsec ipv4
 tunnel destination 192.10.1.3
 tunnel protection ipsec profile IPSEC
!
interface Tunnel3
 ip address 172.40.1.1 255.255.255.248
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source 10.170.191.1
 tunnel mode ipsec ipv4
 tunnel destination 10.170.XX.3
 tunnel protection ipsec profile IPSEC
!
interface GigabitEthernet0
 ip address 192.10.1.1 255.255.255.240
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet1
 ip address 10.20.1.1 255.255.255.0
 ip accounting output-packets
 duplex auto
 speed auto
!
interface Wpan2
 no ip address
 ieee154 txpower 25
 no ieee154 fec-off
!
interface GigabitEthernet2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0
 ip address negotiated
 ip access-group 199 out
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer-group 1
 no peer default ip address
 async mode interactive
 routing dynamic
!
interface Cellular1
 no ip address
 encapsulation slip
!
interface Async0
 no ip address
 encapsulation scada
!
interface Async1
 no ip address
 encapsulation scada
!
!
!
router eigrp 1
 network 10.20.1.0 0.0.0.7
 network 10.170.XX.0 0.0.0.127
 network 192.10.1.0 0.0.0.15
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 2 interface Cellular0 overload
ip route 10.20.2.0 255.255.255.248 Tunnel0 track 10
ip route 10.20.3.0 255.255.255.248 Tunnel2 track 11
ip route 10.20.2.0 255.255.255.248 Tunnel1 20
ip route 10.20.3.0 255.255.255.248 Tunnel3 20
ip route 128.138.140.44 255.255.255.255 10.20.1.254
ip route 184.105.192.247 255.255.255.255 10.20.1.254
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended TerminalAccess
 permit tcp host 10.20.2.1 any eq 22
 permit tcp host 10.20.3.1 any eq 22
 permit tcp object-group obj-10.XX.XX.0 any eq 22
 permit tcp object-group obj-10.20.1.0 any eq 22
 permit tcp object-group obj-172.31.20.0 any eq 22
!
ip sla 1
 icmp-echo 192.10.1.2 source-ip 192.10.1.1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.10.1.3 source-ip 192.10.1.1
ip sla schedule 2 life forever start-time now
logging trap debugging
logging source-interface GigabitEthernet1
logging host 10.XX.XX.151 transport udp port 1516
dialer watch-list 1 ip 172.20.151.1 255.255.255.255
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
!
snmp-server community public RO 99
snmp-server trap-source GigabitEthernet1
snmp-server location LaSalle, IL
snmp-server contact XXXXXXXXXXX
snmp-server enable traps c3g
snmp-server enable traps LTE
snmp-server enable traps wpan
snmp-server enable traps envmon
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps ipsla
snmp-server enable traps alarms informational
snmp-server host 10.XX.XX.150 version 2c public  event-manager ipsla
snmp-server host 10.XX.XX.151 version 2c public  config event-manager ipsla
snmp-server host 10.XX.XX.220 version 2c public
access-list 1 permit any
access-list 2 permit 10.20.1.0 0.0.0.255
access-list 10 permit 10.20.1.0 0.0.0.7
access-list 10 permit 10.20.2.0 0.0.0.7
access-list 10 permit 10.20.3.0 0.0.0.7
access-list 10 permit 192.10.1.0 0.0.0.15
access-list 99 permit 10.XX.XX.150
access-list 99 permit 10.XX.XX.151
access-list 99 permit 10.XX.XX.152
access-list 100 permit ip any any
access-list 199 permit ip host 10.170.XX.1 any
access-list 199 deny   ip any any log
!
control-plane
!
!
!
!
line con 0
 stopbits 1
line 1 2
 stopbits 1
line 3
 script dialer lte
 no exec
 transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 transport input ssh
 transport output ssh
 speed 144000
line 8
 no exec
 transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 1/3 1/6
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 session-timeout 60  output
 access-class TerminalAccess in
 login local
 transport input ssh
!
no scheduler max-task-time
ntp server 10.XX.XX.220
ntp server 184.105.192.247
iox client enable interface GigabitEthernet2
!
!
!
!
!
event manager applet ipsla-up
 event snmp oid 1.3.6.1.4.1.9.9.42.1.2.10.1.2.1 get-type exact entry-op eq entry-val "1" exit-op ne exit-val "1" poll-interval 10
!
end

CTU#

Hello,

I don't know why there is a dialer watch and a dialer group, as the dialer watch doesn't appear to be in use. Either way, try to use the dialer watch:

interface Cellular0
ip address negotiated
ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
--> no dialer-group 1

--> dialer watch-group 1
no peer default ip address
async mode interactive
routing dynamic

No luck, although the interface no longer shows as down which I assume is due to the dialer watch list?

Cellular0                  unassigned      YES manual up                    up

I changed the interface back to 'no ip address'. The SIM has a static IP assigned, though I never have actually configured the IP on these interfaces before (would be confused as to why or that could change). The initial config ran for several years on 3 modems, with an additional that was used for testing though the cellular interface was only used for brief time. 

sh run interface cellular 0
Building configuration...

Current configuration : 307 bytes
!
interface Cellular0
 no ip address
 ip access-group 199 out
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer watch-group 1
 no peer default ip address
 async mode interactive
 routing dynamic
end

Has something possibly changed with Verizon, and or compatibility of this configuration that prevents it from connecting to the APN? Another problem I seem to be having is setting debug for chat and dialer I see nothing logged. This was not the case when I started as I was seeing the "Di1: No free dialer" messages. I have manually shut and no shut the cellular 0 interface, is it maybe something I am missing to kick start this?

Hello,

what if you take the access list off the interface ?

interface Cellular0
no ip address
--> no ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
no peer default ip address
async mode interactive
routing dynamic

The access list was actually advised by Cisco a few years back as a means to prevent Verizon's APN seeing traffic not sourced from the cellular or something along that line. Regardless, removing it had no effect. It was permitting just the static IP that the APN provides and denying any other traffic. Unless someone on Verizon's side accidently put these SIMs in a different pool, the 10.170.xx.1 permitted address should be OK.

I did contact VZW this morning and the 3 modems (all IR809s) which are offline are not blocked or anything from their end. The IR809s for whatever reason just stopped working, no longer connecting to APN, profile is "INACTIVE", and none are retrieving their IP address (which is static assigned from the APN).

Frustrating part is this seemingly worked fine for a few years and just stopped unexpectant on its own.

Hello,

based on your last post, and since three 809s are suddenly not working anymore, I would ask Verizon to test if they can ping the assigned IP addresses if you statically configure them on your routers. After all, it does sound something has been altered on the Verizon side.

At the very least, configure the addresses statically, and see if you can ping them from an external address.