Hello

I am new to this type of config and I am working with a Verizon 4g LTE EHWIC installed into a ISR 1921 and configured with dynamic IP via SIM card. I have had success with getting the 1921 to work on its own and no flapping but when I put this in front of the ISR 4331 off the G0/0/1 port to failover I get the Cellular interface on the ISR 1921 flapping. I read in the docs that if the Carrier does not see what it needs stated in the docs below (as I understand it the IP of the Verizon IP) then it resets the connection. I have this NAT'd and I used a route-map Any help would be greatly appreciated. 

Here is what I have tried

• https://www.cisco.com/c/dam/en/us/td/docs/routers/access/interfaces/software/deployment/guide/c07-731484-00-ngewan.pdf
• https://www.cisco.com/c/dam/en/us/products/collateral/interfaces-modules/4g-lte-wireless-wan-enhanced-high-speed-wan-interface-card/guide_c07-720271.pdf
• I even followed this which was very good by the way. https://community.cisco.com/t5/routing/c819g-4g-vz-k9-verizon-4g-lte-flapping/td-p/3051746 However I do not have this model so I am not sure as.
• I changed the ACL a few times
• I removed the lte auto-recovery under the controller

When connected it does work but then the Cellular WAN goes down.

I am not sure if the double NAT is causing this however it shouldn't if the main LAN subnet on the 4331 is 10.10.111.0 and nated out to the same subnet as the 1921

So here is the config on the 1921 

Cellular Config


NAPLES1921#sh cellular 0/0/0 all
Hardware Information
====================
Modem Firmware Version = SWI9600M_03.05.10.06
Modem Firmware built = 2012/11/12 15:07:45
Hardware Version = 20
International Mobile Subscriber Identity (IMSI) = 311480524391911
International Mobile Equipment Identity (IMEI) = <removed on Purpose)
Integrated Circuit Card ID (ICCID) = 89148000005353118375
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) = 19542904072

Profile Information
====================
Profile 1 = ACTIVE*
--------
PDP Type = IPv4
PDP address = 100.106.25.102
Access Point Name (APN) = VZWINTERNET
Authentication = Unknown
Username:
Password:
        Primary DNS address = 198.224.179.135
        Secondary DNS address = 198.224.180.135

 * - Default profile

Data Connection Information
===========================
Data Transmitted = 1000 bytes, Received = 960 bytes
Profile 1, Packet Session Status = ACTIVE
        IP address = 100.106.25.102
        Primary DNS address = 198.224.179.135
        Secondary DNS address = 198.224.180.135
Profile 2, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 3, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 4, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 5, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 6, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 7, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 8, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 9, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 10, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 11, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 12, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 13, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 14, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 15, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown
Profile 16, Packet Session Status = INACTIVE
        Inactivity Reason = Unknown

Network Information
===================
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Mobile Country Code (MCC) = 311
Mobile Network Code (MNC) = 480
Packet switch domain(PS) state = Attached
Registration(EMM) state = Registered

Radio Information
=================
Radio power mode = ON
Current RSSI = -63 dBm
LTE Technology Preference = AUTO
LTE Technology Selected = LTE

Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3

Error Information
=================

This command is not supported on 4G modems.


Modem Crashdump Information
===========================

Here is the Router Config

Current 1921 config



Building configuration...

Current configuration : 5092 bytes
!
! 
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NAPLES1921
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.170
!
ip dhcp pool MAIN-LAN
 network 192.168.1.0 255.255.255.0
 dns-server 1.1.1.1 8.8.8.8
 default-router 192.168.1.1
 lease 7
!
!
!
ip domain name naples.local
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK"
!
!
license udi pid CISCO1921/K9 sn FTX17418490
license boot module c1900 technology-package securityk9
!
!

!
redundancy
!
!
!
!
!
controller Cellular 0/0
!
!
class-map type inspect match-any WAN_SELFCMAP
  description Self Zone Protection INTO Router
 match access-group name WAN_SELF
class-map type inspect match-any SELF_WANCMAP
  description Self Zone Protection OUT Router
 match access-group name SELF_WAN
class-map type inspect match-any LAN-WANCMAP
  description Main Corporate LAN
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any GUEST_WANCMAP
  description Guest Network WiFi
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
class-map type inspect match-any WAN_MAINLAN-CMAP
 match access-group name WAN_LAN
!
policy-map type inspect WAN_SELF
 description Control Plane Protection Self INTO Router
 class type inspect WAN_SELFCMAP
  pass
 class class-default
  drop
policy-map type inspect LAN-WANPMAP
 description Corporate LAN OUT TO WAN
 class type inspect LAN-WANCMAP
  inspect
 class class-default
  drop
policy-map type inspect WAN_MAINLAN-PMAP
 class type inspect WAN_MAINLAN-CMAP
  inspect
 class class-default
  drop
policy-map type inspect SELF_WANPMAP
 description Control PLane Protection OUT of Router
 class type inspect SELF_WANCMAP
  pass
 class class-default
  drop
policy-map type inspect GUEST_WANPMAP
 description Guest Network OUT to WAN
 class type inspect GUEST_WANCMAP
  inspect
 class class-default
  drop
!
zone security WAN
 description WAN INTRFACES
zone security MAIN-LAN
 description Main Corporate LAN
zone security GUEST-LAN
 description Guest Network LAN
zone-pair security WAN-TO-SELF source WAN destination self
 description WAN TO SELF PROTECTION
 service-policy type inspect WAN_SELF
zone-pair security SELF-TO-WAN source self destination WAN
 description SELF TO WAN PERMITTED TRAFFIC
 service-policy type inspect SELF_WANPMAP
zone-pair security MAINLAN-WAN source MAIN-LAN destination WAN
 description MAIN-LAN To WAN INTERFACES
 service-policy type inspect LAN-WANPMAP
zone-pair security GUESTLAN-WAN source GUEST-LAN destination WAN
 description GUEST LAN TO WAN INTERFACES
 service-policy type inspect GUEST_WANPMAP
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security MAIN-LAN
 ip tcp adjust-mss 1300
 ip policy route-map clear-df
 duplex auto
 speed auto
!
interface Cellular0/0/0
 ip address negotiated
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer string ltescript
 dialer watch-group 1
 async mode interactive
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map BACKUP interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route 10.10.111.0 255.255.255.0 192.168.1.170
!
ip access-list extended SELF_WAN
 permit icmp any any echo
 permit udp any any eq bootps
 permit udp any any eq domain
 deny   ip any any
ip access-list extended WAN_LAN
 deny   ip any any
ip access-list extended WAN_SELF
 permit icmp any any echo-reply
 permit udp any any eq bootpc
 permit udp any eq domain any
 deny   ip any any
!
access-list 100 permit ip any any
dialer watch-list 1 ip 4.5.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
route-map BACKUP permit 10
 match ip address 100
 match interface Cellular0/0/0
!
route-map clear-df permit 10
 set ip df 0
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 30 0
 logging synchronous
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0
 script dialer ltescript
 modem InOut
 no exec
 transport input telnet
 rxspeed 100000000
 txspeed 50000000
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

Thank you 

Joseph