Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3G HWIC won't connect with crypto map applied

I have a 1921 with a 3G HWIC activated for use on Verizon's 3G service.  The interface will not come up and connect if my crypto map is applied.  I can remove the crypto map and the interface immediately comes up.  I can reapply the crypto map and the tunnel back to my hq ASA comes and stays up passing traffic until there is no traffic and the interface times out.  Could it be due to the nat statement which I maynot need since all traffic from the LAN will pass through the tunnel. Do I need to configure a separate dialer interface for the crypto map?  Oddly I have 3G HWIC's activated on ATT with almost the exact configuration and they work perfectly.  I was thinking it might be something with the order of PPP negotiation on Verizon.  Any thoughts? Thanks in advance!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 2

crypto isakmp key TrustNoOne address  no-xauth



crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac



crypto map outside_cryptomap 10 ipsec-isakmp

set peer

set transform-set ESP-AES256-SHA

match address vpn_to_ASA

interface Cellular0/1/0

description ***** Verizon EVDO Air Card Interface *****

ip address negotiated

ip nat outside

ip nat enable

ip virtual-reassembly in161

encapsulation ppp

dialer in-band

dialer idle-timeout 0

dialer string EVDO

dialer-group 1

async mode interactiveconf

ppp chap password 0 vzw

ppp ipcp dns request

crypto map outside_cryptomap

ip access-list extended vpn_to_ASA

permit ip 10.x.x.x any

dialer-list 1 protocol ip list 1