07-21-2009 06:46 AM - edited 03-04-2019 05:30 AM
I am working on an issue with 3G where the connection drops periodically over an IPSEC tunnel. The signal in the area is strong but when this happens the ip address of the 3G card drops and has to be renegotiated. Verizon, the provider says that a possibility could be that the verizon network is seeing our private network (10.X.X.X) and dropping our connection. I don't know how accurate this is because we are not doing any split tunneling or NAT anywhere. However, I am willing to try anything to resolve this. I was told that there may be stateful commands to put in the router to make sure Verizon doesn't see the private network. Any Ideas as to what these might be?
Here are my cellular interface commands...
interface Cellular0/2/0
ip address negotiated
ip access-group inbound in
ip access-group outbound out
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 100000 either
dialer string cdma
dialer-group 1
async mode interactive
ppp authentication chap callin
ppp chap hostname 1112223333@vzw3g.com
ppp chap password 7 4682jj
crypto map ipsectunnel
!
Again, any help would be greatly appreciated.
07-27-2009 05:22 AM
That's a very interesting paper RT. Thanks!
07-24-2009 09:37 AM
Sorry that wasn't any help for you, but now that I've removed ip virtual-reassembly from all interfaces, the connection has been rock solid, even with less than optimal signal. I've only got 2-3 bars at my desk. I'm taking it home with me this weekend to see how it performs in the sticks.
I'm strictly using VPN, so there's no way for the carrier to see any RFC 1918 addresses; only the ISAKMP and IPSEC between the endpoints of the tunnel are hitting the carrier network.
07-27-2009 05:24 AM
I do believe the IP V-R wasn't helping anything.
07-29-2009 07:27 AM
I've tried all these solutions and nothing is working. I'm beginning to be convinced that IPSEC and Vorizen 3G aren't that compatable. Does anybody have a good article on setting up GRE? I have a 2811 with advanced security I can set up here since I've only got 10 sites connected 3G.
07-30-2009 12:16 AM
This article is extensive but should have all the info you need.
The 2811 with Advanced Security is good for what you want to do and is capable of making these type of connections
08-06-2009 12:32 PM
Just an update to this situation for anyone who may be experiencing the same issues. I talked with the Verizon network and they said that the line is experiencing an IP Source Violation. I am going to be setting up a monitor with them tonight to see if the IP in issue will show itself. If I get a fix on this I will post it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: