retake (Beginner)
23 October 2012 - 14:13. There is 1 solution

2911 router + EHWIC-3G-HSPA+7-A=

Hello users of Eksperten.

I have run into a major problem after we replaced the equipment on our ships.

Let me describe my setup:
1 Cisco 2911 router with a 3G card module (EHWIC-3G-HSPA+7-A=)
3 Cisco 2960 SI switches.

GIG 0/0 is connected to our SAT.
Cell 0/0/0 is connected to a local provider.

A policy has been put in place so that if 3G is available it should choose that path, and if the ship is out of port it should use SAT.

My problem is that when the ship is in port, and I can see from show cell 0/0/0 all that there is a connection etc., it still only uses SAT.

After a restart it seems to work fine, but then after 5-60 min it switches to SAT and has trouble getting back onto 3G. If it does come back, it is only for a short time.

Router config:
hostname xxx

boot-start-marker
boot-end-marker

logging buffered 51200 warnings

aaa new-model

aaa authentication login default local
aaa authorization exec default local
aaa authorization network localgroups local

aaa session-id common

no ipv6 cef
ip source-route
ip cef

no ip domain lookup
ip domain name xxx
ip inspect name Firewall tcp
ip inspect name Firewall daytime
ip inspect name Firewall ddns-v3
ip inspect name Firewall dns
ip inspect name Firewall esmtp
ip inspect name Firewall exec
ip inspect name Firewall fragment maximum 256 timeout 1
ip inspect name Firewall ftp
ip inspect name Firewall ftps
ip inspect name Firewall gtpv0
ip inspect name Firewall gtpv1
ip inspect name Firewall h323
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall imap
ip inspect name Firewall imap3
ip inspect name Firewall imaps
ip inspect name Firewall ipass
ip inspect name Firewall ipsec-msft
ip inspect name Firewall isakmp
ip inspect name Firewall l2tp
ip inspect name Firewall microsoft-ds
ip inspect name Firewall nntp
ip inspect name Firewall ntp
ip inspect name Firewall pop3
ip inspect name Firewall pop3s
ip inspect name Firewall pptp
ip inspect name Firewall ssh
ip inspect name Firewall sshell
ip inspect name Firewall telnet
ip inspect name Firewall telnets
ip inspect name Firewall tftp
ip inspect name Firewall time
ip inspect name Firewall timed
ip inspect name Firewall udp

multilink bundle-name authenticated

chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
crypto pki token default removal timeout 0

crypto key generate rsa general modulus 2048

username admin privilege 15 secret 5 xxx
username viewonly view first secret 5 xxx

redundancy

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2

crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxx address xxx no-xauth

crypto ipsec transform-set krypto esp-3des esp-sha-hmac
crypto ipsec transform-set pix-set esp-3des esp-md5-hmac

crypto map pix 100 ipsec-isakmp
set peer xxx
set transform-set pix-set
match address crypto

interface Loopback1
ip address xxx xxx
ip mtu 1380

interface Tunnel1
description GRE->xxx
ip address xxx xxx
ip mtu 1380
ip tcp adjust-mss 1300
ip ospf mtu-ignore
tunnel source Loopback1
tunnel destination xxx

interface Embedded-Service-Engine0/0
no ip address
shutdown

interface GigabitEthernet0/0
description Vsat
ip address xxx 255.255.255.0
ip access-group outside-in in
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
duplex auto
speed auto
priority-group 1
crypto map pix
no shut

interface GigabitEthernet0/1
description Inside
no ip address
ip virtual-reassembly in
duplex auto
speed auto
no shut

interface GigabitEthernet0/1.5
description inside
encapsulation dot1Q 5
ip address xxx 255.255.255.0
ip access-group Admin-Acl in
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/1.10
description crew
encapsulation dot1Q 10
ip address xxx 255.255.255.0
ip access-group Crew-Acl in
ip helper-address xxx
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/1.15
description Client
encapsulation dot1Q 15
ip address xxx 255.255.255.0
ip access-group Client-Acl in
ip helper-address xxx
ip nat inside
ip virtual-reassembly in

interface Cellular0/0/0
ip address negotiated
ip nat outside
ip inspect Firewall out
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
priority-group 1
crypto map pix

cellular 0/0/0 gsm profile create 1 internetvpn chap void void

interface Cellular0/0/1
no ip address
encapsulation slip

router ospf 1
passive-interface default
no passive-interface Tunnel1
network xxx 0.0.0.3 area 0
network xxx 0.0.0.255 area 0
network xxx 0.0.0.255 area 0
network xxx 0.0.0.255 area 0

ip forward-protocol nd

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map natMap interface GigabitEthernet0/0 overload
ip nat inside source route-map natMapCell interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 xxx 254
ip route xxx 255.255.255.252 Cellular0/0/0
ip route xxx 255.255.255.252 xxx 50
ip route xxx 255.255.255.255 xxx
ip route xxx 255.255.255.255 Cellular0/0/0
ip route xxx 255.255.255.255 xxx 50
ip route xxx 255.255.255.255 Cellular0/0/0
ip route xxx 255.255.255.255 Cellular0/0/0

ip access-list extended Admin-Acl
permit ip xxx 0.0.0.255 xxx 0.0.0.255
deny  ip xxx 0.0.0.255 xxx 0.0.255.255
deny  ip xxx 0.0.0.255 xxx 0.0.255.255
permit ip any any

ip access-list extended Client-Acl
xxx
ip access-list extended Crew-Acl
xxx
ip access-list extended nat-list
xxx
ip access-list extended nat-list-cell
xxx
ip access-list extended outside-in
xxx

ip sla 1
icmp-echo xxx source-interface Cellular0/0/0
threshold 550
frequency 15
ip sla schedule 1 life forever start-time now
access-list 23 permit xxx 0.0.0.7
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
dialer-list 10 protocol ip list 100

route-map natMapCell permit 10
match ip address nat-list-cell
match interface Cellular0/0/0

route-map natMap permit 10
match ip address nat-list
match interface GigabitEthernet0/0

line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
exec-timeout 0 0
script dialer gsm
modem InOut
no exec
rxspeed 21600000
txspeed 5760000
line 0/0/1
no exec
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh

scheduler allocate 20000 1000
end
retake (Beginner)
25 October 2012 - 17:26 #1
It looks like the fault has been found. It is a US card I received and not an EMEA one... now I am waiting for new cards, and then we will see how it runs.