2911 router + EHWIC-3G-HSPA+7-A=
Hi users of Eksperten. I have run into a major problem after we replaced the equipment on our ships.
Let me describe my setup:
1 Cisco 2911 router with a 3G card module (EHWIC-3G-HSPA+7-A=)
3 Cisco 2960 SI switches.
GIG 0/0 is connected to our SAT.
Cell 0/0/0 is connected to a local provider.
A policy has been put in place so that if 3G is available it should take that path, and if the ship is out of port it should use SAT.
My problem is that when the ship is in port and I can see from show cell 0/0/0 all that there is a connection etc., it still only uses SAT.
After a restart it seems to work fine, but then after 5-60 min it switches to SAT and has trouble getting back onto 3G. If it does come back, it is only for a short time.
Router config:
hostname xxx
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network localgroups local
aaa session-id common
no ipv6 cef
ip source-route
ip cef
no ip domain lookup
ip domain name xxx
ip inspect name Firewall tcp
ip inspect name Firewall daytime
ip inspect name Firewall ddns-v3
ip inspect name Firewall dns
ip inspect name Firewall esmtp
ip inspect name Firewall exec
ip inspect name Firewall fragment maximum 256 timeout 1
ip inspect name Firewall ftp
ip inspect name Firewall ftps
ip inspect name Firewall gtpv0
ip inspect name Firewall gtpv1
ip inspect name Firewall h323
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall imap
ip inspect name Firewall imap3
ip inspect name Firewall imaps
ip inspect name Firewall ipass
ip inspect name Firewall ipsec-msft
ip inspect name Firewall isakmp
ip inspect name Firewall l2tp
ip inspect name Firewall microsoft-ds
ip inspect name Firewall nntp
ip inspect name Firewall ntp
ip inspect name Firewall pop3
ip inspect name Firewall pop3s
ip inspect name Firewall pptp
ip inspect name Firewall ssh
ip inspect name Firewall sshell
ip inspect name Firewall telnet
ip inspect name Firewall telnets
ip inspect name Firewall tftp
ip inspect name Firewall time
ip inspect name Firewall timed
ip inspect name Firewall udp
multilink bundle-name authenticated
chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
crypto pki token default removal timeout 0
crypto key generate rsa general modulus 2048
username admin privilege 15 secret 5 xxx
username viewonly view first secret 5 xxx
redundancy
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxx address xxx no-xauth
crypto ipsec transform-set krypto esp-3des esp-sha-hmac
crypto ipsec transform-set pix-set esp-3des esp-md5-hmac
crypto map pix 100 ipsec-isakmp
set peer xxx
set transform-set pix-set
match address crypto
interface Loopback1
ip address xxx xxx
ip mtu 1380
interface Tunnel1
description GRE->xxx
ip address xxx xxx
ip mtu 1380
ip tcp adjust-mss 1300
ip ospf mtu-ignore
tunnel source Loopback1
tunnel destination xxx
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Vsat
ip address xxx 255.255.255.0
ip access-group outside-in in
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
duplex auto
speed auto
priority-group 1
crypto map pix
no shut
interface GigabitEthernet0/1
description Inside
no ip address
ip virtual-reassembly in
duplex auto
speed auto
no shut
interface GigabitEthernet0/1.5
description inside
encapsulation dot1Q 5
ip address xxx 255.255.255.0
ip access-group Admin-Acl in
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.10
description crew
encapsulation dot1Q 10
ip address xxx 255.255.255.0
ip access-group Crew-Acl in
ip helper-address xxx
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.15
description Client
encapsulation dot1Q 15
ip address xxx 255.255.255.0
ip access-group Client-Acl in
ip helper-address xxx
ip nat inside
ip virtual-reassembly in
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
priority-group 1
crypto map pix
cellular 0/0/0 gsm profile create 1 internetvpn chap void void
interface Cellular0/0/1
no ip address
encapsulation slip
router ospf 1
passive-interface default
no passive-interface Tunnel1
network xxx 0.0.0.3 area 0
network xxx 0.0.0.255 area 0
network xxx 0.0.0.255 area 0
network xxx 0.0.0.255 area 0
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map natMap interface GigabitEthernet0/0 overload
ip nat inside source route-map natMapCell interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 xxx 254
ip route xxx 255.255.255.252 Cellular0/0/0
ip route xxx 255.255.255.252 xxx 50
ip route xxx 255.255.255.255 xxx
ip route xxx 255.255.255.255 Cellular0/0/0
ip route xxx 255.255.255.255 xxx 50
ip route xxx 255.255.255.255 Cellular0/0/0
ip route xxx 255.255.255.255 Cellular0/0/0
ip access-list extended Admin-Acl
permit ip xxx 0.0.0.255 xxx 0.0.0.255
deny ip xxx 0.0.0.255 xxx 0.0.255.255
deny ip xxx 0.0.0.255 xxx 0.0.255.255
permit ip any any
ip access-list extended Client-Acl
xxx
ip access-list extended Crew-Acl
xxx
ip access-list extended nat-list
xxx
ip access-list extended nat-list-cell
xxx
ip access-list extended outside-in
xxx
ip sla 1
icmp-echo xxx source-interface Cellular0/0/0
threshold 550
frequency 15
ip sla schedule 1 life forever start-time now
access-list 23 permit xxx 0.0.0.7
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
dialer-list 10 protocol ip list 100
route-map natMapCell permit 10
match ip address nat-list-cell
match interface Cellular0/0/0
route-map natMap permit 10
match ip address nat-list
match interface GigabitEthernet0/0
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
exec-timeout 0 0
script dialer gsm
modem InOut
no exec
rxspeed 21600000
txspeed 5760000
line 0/0/1
no exec
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
end
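
An added example, not part of the original post: a small Python audit over lines taken from the configuration above. It rebuilds command context without indentation, flags the legacy crypto and management settings the config contains, and reports that `ip sla 1` is not referenced by any `track` object. The sample text, the rule list and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the posted configuration, where the
# indentation of sub-commands has already been lost.
SAMPLE = """ip source-route
crypto isakmp policy 100
encr 3des
hash md5
group 2
crypto ipsec transform-set pix-set esp-3des esp-md5-hmac
ip http server
ip sla 1
icmp-echo xxx source-interface Cellular0/0/0
ip route 0.0.0.0 0.0.0.0 xxx 254
line vty 0 4
transport input telnet ssh
"""

# Lines that open a new context; used to rebuild modes without indentation.
MODE = re.compile(r"^(crypto|interface|router|ip sla \d+$|ip access-list|route-map|line)(\s|$)")
# (required mode prefix, "" = any; line pattern; finding)
RULES = [
    ("", r"^ip source-route$", "IP source routing enabled"),
    ("", r"^ip http server$", "cleartext HTTP management enabled"),
    ("", r"^crypto ipsec transform-set \S+ .*esp-(3des|md5-hmac)", "weak IPsec transform"),
    ("crypto isakmp policy", r"^encr 3des$", "IKE policy uses 3DES"),
    ("crypto isakmp policy", r"^hash md5$", "IKE policy uses MD5"),
    ("crypto isakmp policy", r"^group 2$", "IKE policy uses 1024-bit DH group 2"),
    ("line vty", r"^transport input .*\b(telnet|all)\b", "Telnet allowed on VTY"),
]

def audit(config):
    """Return sorted (line_number, finding) pairs for a flattened IOS config."""
    findings, mode, probes, tracked = [], "", {}, set()
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if MODE.match(line):
            mode = line
        if m := re.match(r"^ip sla (\d+)$", line):
            probes[m.group(1)] = number
        if m := re.match(r"^track \d+ ip sla (\d+)", line):
            tracked.add(m.group(1))
        for prefix, pattern, finding in RULES:
            if mode.startswith(prefix) and re.search(pattern, line):
                findings.append((number, finding))
    # Report probes that no track object references.
    for probe, number in probes.items():
        if probe not in tracked:
            findings.append((number, f"ip sla {probe} has no track object"))
    return sorted(findings)

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```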