Urgent: VPN Registry: Disconnected.

Solved
Halil
Here to help

Urgent: VPN Registry: Disconnected.

Hello everybody,

 

I have an issue with our MX67. We have got two Uplinks and today I have to make a change to make our WAN 2 Uplink perform as our primary uplink. Before the change everything works fine and all VPN connections (Meraki and Non-Meraki Peers) work perfectly. When I change to WAN 2 as my Primary Uplink under SD-WAN and Traffic-Shaping -> Primary Uplink -> WAN 2 the Meraki Peer VPN connections seem to be up for some seconds but then they fail and I am getting the error VPN Registry: Disconnected. This security appliance is unable to connect to any VPN registries using outbound UDP port 9350.

So I checked the Meraki Documentation and added the recommend rule to be found under: 

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Aut...

After doing this my connections come up again and fail after some seconds. I tried to make this change two weeks ago and had the same issue. Meraki Call Support told me, that our ISP is blocking the inbound traffic on specific ports and my connections cannot stay up. This week I made sure, that no Ports are blocked (they were never blocked) and also connected my ISP about any connection refuses or restrictions. Currently on my ISP side every connection and traffic is allowed. 

Did anyone had the same issue before and has suggestions how to solve it. Every answer is welcome.

Thanks in Regards

1 Accepted Solution
Halil
Here to help

Hello Community Members,

 

we got a solution for this problem. After we swapped the primary MX with the secondary on Meraki Dashboard, all connections came up and everythinf worked fine again. I cannot see any reason or relate any point how this solved my issue but it worked. It seems like a bug.

View solution in original post

8 Replies 8
NolanHerring
Kind of a big deal

You can try having Meraki support move your ORG to one of the 'new' nodes. I did this because I was having issues initially with registry status, and after doing so it has been solid since.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

I currently noticed that I dont have any internet connection on any of my clients. My MX is online and can ping google.com

Nash
Kind of a big deal

Oh, that's interesting in a bad way.

 

What happens if you run pcaps off your primary WAN interface and off LAN? I'd save them as a proper pcap and review in Wireshark.

 

What traffic do you see?

Nash
Kind of a big deal

I've also requested to have a network moved to a different registry, when the MX kept losing connectivity to the registry.

PhilipDAth
Kind of a big deal
Kind of a big deal

Does the internet connection attach directly to your MX so you have a public IP on the MX? 

Or does the MX get a private IP address because something else is doing NAT in front of it? 

Halil
Here to help

Hello Community Members,

 

we got a solution for this problem. After we swapped the primary MX with the secondary on Meraki Dashboard, all connections came up and everythinf worked fine again. I cannot see any reason or relate any point how this solved my issue but it worked. It seems like a bug.

JohnPaul
Getting noticed

We have an MX100 primary and secondary and at times it takes a reboot or two to get them to work again. This must be a bug?

I had the same problem and swapping the primary and secondary MX has solved the problem. Thank you!

Get notified when there are additional replies to this discussion.