04-25-2013 09:51 AM
The tunnel connection is establishing correctly but when i change the priority in he hsrp configuration of my gig 0.1 interface to be the active on this router the cellular 0/0/0 interface goes down, by the way this is going to be my redundancy.
This is the configuration that i got
chat-script lte "" "AT!CALL1" TIMEOUT 60 "OK"
crypto isakmp policy 2
authentication pre-share
crypto isakmp key cisco123 address 67.21.161.218
!
!
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
!
crypto map bars01 1 ipsec-isakmp
description Tunnel toCOrp
set peer 67.21.161.218
set transform-set ASA-IPSEC
set pfs group1
match address 100
interface GigabitEthernet0/0.1
description Legacy vlan
encapsulation dot1Q 1 native
ip address 10.141.116.252 255.255.255.0
standby 0 ip 10.141.116.250
standby 0 priority 105
standby 0 preempt
ip tcp adjust-mss 1395
interface Cellular0/0/0
ip address 166.258.14.27 255.255.255.0
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 2147483
dialer string lte
dialer-group 1
async mode interactive
crypto map bars01
ip nat inside source route-map nonat interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route 67.21.161.218 255.255.255.255 Cellular0/0/0
access-list 100 permit ip 10.141.116.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 10.141.116.0 0.0.0.255 140.140.251.0 0.0.0.255
access-list 100 deny ip any any
access-list 110 deny ip 10.141.116.0 0.0.0.255 140.140.251.0 0.0.0.255
access-list 110 deny ip 10.141.116.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 permit ip 10.141.116.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
route-map nonat permit 10
match ip address 110
I will appreciate your help
Thanks a lot
04-29-2013 05:59 PM
Hi David,
As per the mentioned issue you might be seeing the below logs on the logging console.
Apr 2 14:49:49.209: LINEPROTO-5-UPDOWN Line protocol on Interface Cellular0/1/0, changed state to down Apr 2 14:49:53.237: LINK-3-UPDOWN Interface Cellular0/1/0, changed state to down Apr 2 14:50:15.121: LINK-3-UPDOWN Interface Cellular0/1/0, changed state to up Apr 2 14:50:16.121: LINEPROTO-5-UPDOWN Line protocol on Interface Cellular0/1/0, changed state to up
Please try the below workaround.
step 1: create an acl to permit your public ip to any
access-list 147 permit ip host
eg:
access-list 147 permit ip host 166.258.14.27 any
apply the acl out bound on the interface
step 2: Apply the acl out bound on the interface
interface Cellular0/0/0
ip access-group 147 out
The ISP expects your public ip as the source and hence it resets the interface.
hope it helps !!!!!!!!! in resolving your issue.
Thanks and regards,
Rohan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide