03-01-2018 04:55 PM - edited 03-08-2019 02:05 PM
Ok so we're putting up a small branch and wanted to install 4G LTE failover. I have a single 4451 wanting dual ISP links. At our other small branches we've just had another router doing DMVPN with EIGRP. We want to do DMVPN with EIGRP over the 4G this time. I'm getting conflicting configurations and haven't been able to get it going. Are there any good configs or vids out there for this type of situation? I ordered a public static address but I know you don't need one since it auto negotiates, which brings me to my next question. At my hub we've been setting up crypto maps like so:
crypto map NAME 30 ipsec-isakmp
 set peer (PUBLIC IP ADDRESS)
 set transform-set NAME
If the 4G auto negotiates public addresses could I replace the public address with the cell interface?
Also I couldn't encapsulate slip. Didn't give me the option and my cellular interface I'm using is cell0/2/0 but when I put in the line 0/2/0 command it says "No physical hardware support for line 26."
Any ideas where I'm going wrong? Here's what I have thus far:
!
vrf definition IWAN-TRANSPORT-5
 !
 address-family ipv4
 exit-address-family
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
! card type command needed for slot/bay 0/1
!
no aaa new-model
clock timezone CDT -6 0
clock summer-time CDT recurring
!
!
!
no ip domain lookup
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
chat-script script LTE "" "AT!CALL1" TIMEOUT 30 "OK"
!
!
!
!
!
!
!
voice-card 0/4
 no watchdog
!
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$O9k1$ZfXH7/DQAyBRW2yVodQrH1
!
redundancy
 mode none
!
!
!
!
controller Cellular 0/2/0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
!
vlan internal allocation policy ascending
!
!
!
crypto isakmp policy 10
 encr aes 256
 hash sha512
 authentication pre-share
 group 16
crypto isakmp key xxx address x.x.x.x no-xauth
!
crypto ipsec transform-set (NAME) esp-aes 256
 mode tunnel
no crypto ipsec nat-transparency udp-encapsulation
!
!
!
crypto map (NAME) 10 ipsec-isakmp
 ! Incomplete
 set peer (HUB PUB ADD.)
 ! access-list has not been configured yet
 set transform-set (NAME)
 match address VPN-GRE
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 description GRE LOOPBACK FOR CRYPTO BINDING
 ip address X.X.X.X X.X.X.X
 ip pim sparse-mode
!
interface Tunnel1
 bandwidth 2000
 ip address X.X.X.X X.X.X.X
 no ip redirects
 ip mtu 1400
 ip nhrp authentication XXXX
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs (HUB TUNNEL ADD.) nbma (HUB PUB ADD.) multicast
 ip nhrp registration no-unique
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 if-state nhrp
 tunnel source Cellular0/2/0
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf IWAN-TRANSPORT-5
!
interface GigabitEthernet0/0/1
 description WAN UPLINK
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.800
 encapsulation dot1Q 800
 ip address x.x.x.x x.x.x.x
 no cdp enable
!
interface Cellular0/2/0
 description INET4G FAILOVER VPN
 bandwidth 2000
 ip address negotiated
 ip access-group ACL-INET-PUBLIC-4G in
 shutdown
 dialer in-band
 dialer idle-timeout 30
 dialer watch-group 1
 pulse-time 1
 ip virtual-reassembly
!
interface Cellular0/2/1
 no ip address
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
!
router eigrp 100
 network (tunnel address)
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route vrf IWAN-TRANSPORT-5 0.0.0.0 0.0.0.0 Cellular0/2/0
ip ssh version 2
!
!
ip access-list extended ACL-INET-PUBLIC-4G
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit udp any any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
 permit udp any any gt 1023 ttl eq 1
ip access-list extended VPN-GRE
!
dialer watch-list 1 ip 127.0.0.255 255.255.255.255
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1