!***
service internal (enables LTE test cell enable mode commands)
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK" (make data call)
!***IKE/IPsec DMVPN hub definition
crypto isakmp policy 1 (IKE/IPsec phase 1 Def)
encr aes
authentication pre-share
group 2 (diffie helman group)
crypto isakmp key DaKey address xx.yy.zz.aa (use with this addr (can be 0.0.0.0 0.0.0.0))
crypto ipsec transform-set TRANSFORMSET_1 esp-aes esp-sha-hmac (ike phase 2
crypto ipsec profile SDM_Profile1
set transform-set TRANSFORMSET_1
!***Tunnel interface for DMVPN
interface Tunnel0
description $FW_INSIDE$
bandwidth 1000 (set bw for int to 1 meg or whatever is allowed)
ip address 10.1.2.1 255.255.255.0 (gre addr?)
no ip redirects (int/rtr cannot send icmp redirects)
no ip unreachables (int/rtr cannot snd icmp unreachables - sec measure)
no ip proxy-arp (can't advertise for other addr ranges)
ip hello-interval eigrp 1 300 (adjust hello interval to conform to Verizon Contract)
ip hold-time eigrp 1 600 (how long rtr considers neighbor alive without receiving hello packet)
ip policy route-map clear-df (clear 'do not fragment' bit)
ip nhrp authentication NhRpKeY
ip nhrp map 10.10.1.1 xx.yy.zz.aa (in order to get to this gre addr go here)
ip nhrp map multicast xx.yy.zz.aa (optional multicast map)
ip nhrp network-id 123451
ip nhrp holdtime 3600 (how many seconds to stay up waiting for hello)
ip nhrp nhs xx.yy.zz.aa (next hop server - central)
ip nhrp registration no-unique
ip route-cache flow
delay 1000 (delay param for eigrp - increase to make less attractive)
qos pre-classify (apply qos to internal packet not tunnel)
tunnel source GigabitEthernet0/0
tunnel destination xx.yy.zz.aa
mode gre multipoint (optional if you want dynamic multipoint)
tunnel key 100000
tunnel protection ipsec profile SDM_Profile1
ip mtu 1400 (optional if need to adjust for encaps gre ipsec etc may put in ext interface...)
ip tcp adjust-mss 1360 (optional if need to adjust for encaps gre ipsec etc may put in ext interface)
!***
interface Loopback1
ip address 10.2.3.9 255.255.255.255
!
interface GigabitEthernet0/0
ip address 10.20.30.1 255.255.255.0
ip tcp adjust-mss 1300
ip policy route-map clear-df (map below)
!
interface GigabitEthernet0/1
ip address 10.20.40.1 255.255.255.0
ip tcp adjust-mss 1300
ip policy route-map clear-df (map below)
!*** Cellular interface
interface Cellular0/0/0
ip address negotiated (receives Pool/WAN IP (dyn or stat) from P-GW)
no ip unreachables
encapsulation slip (or ppp)
load-interval 30 (what are average load-interval stats calculated over)
dialer in-band (cfgs int to supp dial on demand rtng, specifies that chat script be used for dialing out)
dialer idle-timeout 0 (avoid disconnection of ppp/slip connection in event that no traffic for a specified time)
dialer enable-timeout 6 (how long interface remains down when it goes down)
dialer string ltescript (what script is called to bring up interface)
dialer watch-group 1 (watchdialer watch-list 8 to see if that route goes away, before bringing up this interface)
async mode interactive (enables slip and ppp commands in privileged EXEC mode)
!***
router eigrp 1
network 10.0.0.0
no auto-summary
!***static route allowing traffic for DMVPN head end out LTE connection. No other traffic permitted
ip route xx.yy.zz.aa 255.255.255.255 Cellular 0.0.0.0
!***Route map clears DF bit for packets exiting LTE interfaces
route-map clear-df permit 10
set ip df 0
!***what route to watch to trigger Dial-on-Demand for Cellular interface
dialer watch-list 1 ip a.b.c.d 0.0.0.0
dialer watch-list 1 delay route-check initial 60 (check whether route is up 60 seconds after startup)
dialer watch-list 1 delay connect 1 (wait 1 second to verify primary link is still down before dialing secondary link)
!***
line 0/0/0 (actual line that comes with cell interface)
script dialer ltescript (add chat script to the line as well as the cellular interface)
modem InOut
no exec
transport input telnet