Hello All

I have a customer that has several sites all over the world and they want to use 3G and possibly 4G (where available) as  a backup vpn solution.

I need some assistance/ guidance in configuring the cellular radio and configuring the vpn (dynamic ip)to work over the wwan.

Countries involved are France, Spain, Australia, Thailand and Malaysia.

I understand that I will need the APN credentials from the service provider. Is this normally the same for 3g and 4g?

Do I get chat scripts from them to?

My vpn gateway in the HQ is a Cisco multi-context asa so I can't configure remote access. Can I possibly use the 1921 as a  hardware client?

I have seen the following urls. One has the 3g router as a remote access vpn but I guess this won't work in my scenario.

The other is between ios router and asa which I think will work. I don't need nat on the 3g/4g router but will I need 

http://www.networking-forum.com/blog/?p=708  . Will I need this for all the sub-interfaces I configure on the router

interface Vlan1
 description LAN	
 ip address 10.0.0.14 255.255.255.240
 no ip redirects
 no ip proxy-arp
 ip tcp adjust-mss 1452
 crypto ipsec client ezvpn ASA inside

Remote access reference in config:

group-policy 3GPolicy attributes
 vpn-tunnel-protocol IPSec 
 password-storage enable
 nem enable

tunnel-group 3GRAGroup type remote-access
tunnel-group 3GRAGroup general-attributes
 authorization-server-group LOCAL
 default-group-policy 3GPolicy
tunnel-group 3GRAGroup ipsec-attributes
 pre-shared-key **Same key as the ASA profile on the 881**
!

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112075-dynamic-ipsec-asa-router-ccp.html 

Anyone got a helpful configuration and guide?

Thanks

Feisal