IPSec VPN will not connect on Cellular

BeckyBoo123
Level 1

Hi All!
You have all been so helpful in the past and helped me on my learning journey, would you be able to help me out of a pickle this time?

I have a C921-4PLTEGB with an EE unlimited data SIM inserted. It appears to be connected to the cellular network with a good signal.

rtr-h000706#sh cell 0 all
Hardware Information
====================
Modem Firmware Version = SWI9X07Y_02.28.03.03 000
Modem Firmware built = 2019/05/21 03:33:04
Device Model ID: WP7607
International Mobile Subscriber Identity (IMSI) = 234304187782873
International Mobile Equipment Identity (IMEI) = 351732090719645
Integrated Circuit Card ID (ICCID) = 8944303432926954100
Mobile Subscriber Integrated Services
Digital Network-Number (MSISDN) = 07904957342
Factory Serial Number (FSN) = V3109585860610
Modem Status = Online
Current Modem Temperature = 43 deg C
PRI SKU ID = 1103508, PRI version = 002.068_000, Carrier = Generic
OEM PRI version = 001.006

Profile Information
====================
Profile password Encryption level: 7


Profile 1 = ACTIVE* **
--------
PDP Type = IPv4
PDP address = 10.241.18.229
Access Point Name (APN) = everywhere
Authentication = CHAP
Username: eesecure
Password: 1404170819162F
        Primary DNS address = 109.249.185.228
        Secondary DNS address = 109.249.185.229

  * - Default profile
 ** - LTE attach profile


Data Connection Information
===========================
Profile 1, Packet Session Status = ACTIVE
        Cellular0:
        Data Transmitted = 31030 bytes, Received = 8540 bytes
        IP address = 10.241.18.229
        Primary DNS address = 109.249.185.228
        Secondary DNS address = 109.249.185.229
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
Profile 4, Packet Session Status = INACTIVE
Profile 5, Packet Session Status = INACTIVE
Profile 6, Packet Session Status = INACTIVE
Profile 7, Packet Session Status = INACTIVE
Profile 8, Packet Session Status = INACTIVE
Profile 9, Packet Session Status = INACTIVE
Profile 10, Packet Session Status = INACTIVE
Profile 11, Packet Session Status = INACTIVE
Profile 12, Packet Session Status = INACTIVE
Profile 13, Packet Session Status = INACTIVE
Profile 14, Packet Session Status = INACTIVE
Profile 15, Packet Session Status = INACTIVE
Profile 16, Packet Session Status = INACTIVE

Network Information
===================
Current System Time = Sun Jan 6 16:20:34 1980
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Network = EE
Mobile Country Code (MCC) = 234
Mobile Network Code (MNC) = 30
Packet switch domain(PS) state = Attached
Registration state(EMM) = Registered
EMM Sub State = Normal Service
Tracking Area Code (TAC) = 10935
Cell ID = 2821127
Negotiated network MTU = 1500

Radio Information
=================
Radio power mode = online
LTE Rx Channel Number =  3350
LTE Tx Channel Number =  21350
LTE Band =  7
LTE Bandwidth = 20 MHz
Current RSSI = -77 dBm
Current RSRP = -103 dBm
Current RSRQ = -7 dB
Current SNR = 18.2  dB
Physical Cell Id = 0x199
Number of nearby cells = 1
Idx      PCI (Physical Cell Id)
--------------------------------
1              409
Radio Access Technology(RAT) Preference = AUTO
Radio Access Technology(RAT) Selected = LTE

Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3

Cellular Firmware List
==========================
 Idx Carrier      FwVersion    PriVersion   Status
 1   GENERIC      02.28.03.03  002.068_000  Active

Firmware Activation mode : AUTO

FOTA Information
================
FOTA server poll timer (mins) = Disable
FOTA server connection retry value = 0
FOTA status = Please re-configure FOTA poll timer


SMS Information
===============
Incoming Message Information
----------------------------
SMS stored in modem = 4
SMS archived since booting up = 0
Total SMS deleted since booting up = 0
Storage records allocated = 25
Storage records used = 4
Number of callbacks triggered by SMS = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0

Outgoing Message Information
----------------------------
Total SMS sent successfully = 0
Total SMS send failure = 0
Number of outgoing SMS pending = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Last Outgoing SMS Status = SUCCESS
Copy-to-SIM Status =     0x0
Send-to-Network Status = 0x0
Report-Outgoing-Message-Number:
  Reference Number =     0
  Result Code =          0x0
  Diag Code =            0x0 0x0 0x0 0x0 0x0

SMS Archive URL =

Error Information
=================

No crash info to display


Modem Crashdump Information
===========================
WIC type is 00
Cellular0 is WP76XX based
Modem crashdump logging: off

Packet drop stats
=================

Source IP violation stats:
 Could not retrieve the stats now. Retry later.

However, my VPN connection back to our HQ will not establish. I have compared the config on this device with a currently active device and they are identical.

Current configuration : 4741 bytes
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtr-h000706
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$BGhi$dRAhi2D16TQsmruuEhHo5/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone gmt 0 0
clock summer-time gmt recurring
!
!
!
!
!
!
!
!
!
!
!
ip domain name x.local
ip name-server 10.11.2.5
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
license udi pid C921-4PLTEGB sn PSZ25161BLZ
!
!
object-group network x-IPs
 host x.x.x.x
 host x.x.x.x
!
username x privilege 15 secret 5 $1$xyQI$80qrxxxxaWbOsWCvr/
username x privilege 2 secret 5 $1$xs4K$xxxxGKe2AjBEe0FL.
username x privilege 2 secret 5 $1$zs.K$E./AxxxS2PweIgGMwP7pT.
!
redundancy
!
crypto ikev2 proposal Prop-HQ-VPN
 encryption aes-cbc-256
 integrity sha256
 group 21
!
crypto ikev2 policy POL-HQ-VPN
 proposal Prop-HQ-VPN
!
crypto ikev2 keyring keyring-1
 peer x-hq
  address x.x.x.x
  pre-shared-key local xxxx
  pre-shared-key remote xxxx
 !
!
!
crypto ikev2 profile PROFILE-HQ-VPN
 match identity remote address x.x.x.x 255.255.255.255
 identity local fqdn rtr-h000706.x.local
 authentication remote pre-share
 authentication local pre-share
 keyring local keyring-1
!
no crypto ikev2 diagnose error
crypto ikev2 dpd 500 50 on-demand
no crypto ikev2 certificate-cache
!
!
controller Cellular 0
 lte sim data-profile 1 attach-profile 1
 lte modem crash-action boot-and-hold
!
!
crypto logging ikev2
!
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 21
crypto isakmp keepalive 10 periodic
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set TS-HQ-VPN esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile PROFILE-ipsec
 set pfs group21
 set ikev2-profile PROFILE-HQ-VPN
!
!
!
crypto map CMAP-x-HQ 1 ipsec-isakmp
 set peer x.x.x.x
 set security-association lifetime seconds 86400
 set transform-set TS-HQ-VPN
 set ikev2-profile PROFILE-HQ-VPN
 match address VPN-TRAFFIC
!
!
!
!
!
interface Cellular0
 ip address negotiated
 encapsulation slip
 dialer in-band
 dialer idle-timeout 0
 dialer string lte
 dialer-group 1
 ipv6 address autoconfig
 async mode interactive
 crypto map CMAP-x-HQ
!
interface GigabitEthernet0
 switchport access vlan 115
 no ip address
!
interface GigabitEthernet1
 switchport access vlan 115
 no ip address
!
interface GigabitEthernet2
 switchport access vlan 115
 no ip address
!
interface GigabitEthernet3
 switchport access vlan 115
 no ip address
!
interface GigabitEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet5
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan115
 ip address 10.11.115.254 255.255.255.0
 ip helper-address 10.11.202.1
 no ip proxy-arp
 ip nbar protocol-discovery
 ip tcp adjust-mss 1452
 load-interval 30
!
no ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended LOCKDOWN-IN
 permit udp any any eq bootps
 permit udp any any eq bootpc
 permit gre object-group x-IPs any
 permit esp object-group x-IPs any
 permit ahp object-group x-IPs any
 permit ip object-group x-IPs any
ip access-list extended VPN-TRAFFIC
 permit ip 10.11.115.0 0.0.0.225 any
!
dialer-list 1 protocol ip permit
!
!
snmp-server community x-ro RO
snmp-server location x
snmp-server contact Group IT
snmp-server chassis-id rtr-h000706
!
!
!
control-plane
!
privilege exec level 2 show startup-config
privilege exec level 2 show
banner motd ^C
*************************************************************
*                                                           *
* This device is owned and managed by x. *
* Unauthorized access is strictly prohibited.               *
*                                                           *
*************************************************************
^C
!
line con 0
 privilege level 15
line 3
 script dialer lte
 no exec
 rxspeed 100000000
 txspeed 50000000
line vty 0 4
 exec-timeout 1440 0
 privilege level 15
 transport input ssh
line vty 5 15
 exec-timeout 1440 0
 privilege level 15
 transport input ssh
!
scheduler allocate 20000 1000
ntp server ntp.x.local source Cellular0
!
end
Is there anything that stands out here that would prevent it from connecting?

rtr-h000706#sh cry sess
Crypto session current status

Interface: Cellular0
Session status: DOWN
Peer: x.x.x.x port 500
  IPSEC FLOW: permit ip 10.11.115.0/255.255.255.30 0.0.0.0/0.0.0.0
        Active SAs: 0, origin: crypto map

rtr-h000706#
*Jul 27 07:41:34.747: ISAKMP-ERROR: (0):No peer struct to get peer description
rtr-h000706#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

rtr-h000706#show crypto ipsec sa

interface: Cellular0
    Crypto map tag: CMAP-HGL-HQ, local addr 10.241.18.229

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.11.115.0/255.255.255.30/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer x.x.x.x port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.241.18.229, remote crypto endpt.: x.x.x.x
     plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb Cellular0
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

rtr-h000706#show crypto engine connection active
Crypto Engine Connections

   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address

This is the only error message that I am getting that I can see.

Can anyone suggest where I start with this?

rtr-h000706#
*Jul 27 07:41:34.747: ISAKMP-ERROR: (0):No peer struct to get peer description

Thanks in advance wonderful people!


3 Replies

marce1000
VIP

 - Check if this thread can help:

   https://community.cisco.com/t5/routing/jun-12-06-25-42-664-isakmp-error-0-no-peer-struct-to-get-peer/td-p/4102021

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

@BeckyBoo123 

The wildcard mask looks incorrect in your ACL, I assume it should be 0.0.0.255?

ip access-list extended VPN-TRAFFIC
 permit ip 10.11.115.0 0.0.0.225 any

This crypto ACL configuration needs to be the mirror of the peer's configuration.

Change the wildcard mask, clear crypto isakmp, clear ipsec sa and try again. Provide the output of "show crypto ipsec sa" if the change does not work.
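
The reason the typo matters is visible in the original "show crypto session" output: IOS inverts the wildcard 0.0.0.225 into the netmask 255.255.255.30, which is not a contiguous prefix, so the proxy identity can never equal the /24 the peer expects. The following added lint script (not from this thread or from Cisco) reproduces that inversion, flags non-contiguous masks, and checks that a local crypto ACE is the mirror image of the peer's; the peer-side ACE used in the test is a constructed assumption, not taken from the HQ device.

```python
import ipaddress


def wildcard_to_netmask(wildcard: str) -> str:
    """Invert a Cisco wildcard mask (0 bit = must match, 1 bit = don't care) into a netmask."""
    w = int(ipaddress.IPv4Address(wildcard))
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))


def is_contiguous_netmask(netmask: str) -> bool:
    """True when the mask is a run of 1-bits followed only by 0-bits, i.e. a real prefix."""
    inv = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return (inv & (inv + 1)) == 0  # inv must be of the form 2^n - 1


def parse_ace(ace: str):
    """Parse 'permit ip <src> <dst>' (each 'any', 'host A', or 'NET WILDCARD') into CIDR strings.

    Raises ValueError when a wildcard does not invert to a contiguous netmask.
    """
    tokens = ace.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError("only 'permit ip' entries are handled here")

    def take(i):
        if tokens[i] == "any":
            return "0.0.0.0/0", i + 1
        if tokens[i] == "host":
            return str(ipaddress.IPv4Network(tokens[i + 1] + "/32")), i + 2
        net, wc = tokens[i], tokens[i + 1]
        mask = wildcard_to_netmask(wc)
        if not is_contiguous_netmask(mask):
            raise ValueError(f"{net} {wc} inverts to netmask {mask}, which is not contiguous")
        return str(ipaddress.IPv4Network(f"{net}/{mask}", strict=False)), i + 2

    src, i = take(2)
    dst, _ = take(i)
    return src, dst


def lint_ace(ace: str):
    """Return None if the entry yields real prefixes, otherwise a description of the problem."""
    try:
        parse_ace(ace)
        return None
    except ValueError as err:
        return str(err)


def mirrors(local_ace: str, peer_ace: str) -> bool:
    """Crypto ACLs must be mirror images: our src/dst must equal the peer's dst/src."""
    l_src, l_dst = parse_ace(local_ace)
    p_src, p_dst = parse_ace(peer_ace)
    return (l_src, l_dst) == (p_dst, p_src)
```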

@Rob Ingram OMG you just solved 2 days of troubleshooting in one line!

I had indeed fat-fingered the subnet mask; I changed it to 0.0.0.255 and cleared the session, and it immediately sprang into action!

Thank you so much, you are my hero!