Meraki

Halil · ‎Dec 17 2019

Hello everybody,

I have an issue with our MX67. We have got two Uplinks and today I have to make a change to make our WAN 2 Uplink perform as our primary uplink. Before the change everything works fine and all VPN connections (Meraki and Non-Meraki Peers) work perfectly. When I change to WAN 2 as my Primary Uplink under SD-WAN and Traffic-Shaping -> Primary Uplink -> WAN 2 the Meraki Peer VPN connections seem to be up for some seconds but then they fail and I am getting the error VPN Registry: Disconnected. This security appliance is unable to connect to any VPN registries using outbound UDP port 9350.

So I checked the Meraki Documentation and added the recommend rule to be found under:

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Aut...

After doing this my connections come up again and fail after some seconds. I tried to make this change two weeks ago and had the same issue. Meraki Call Support told me, that our ISP is blocking the inbound traffic on specific ports and my connections cannot stay up. This week I made sure, that no Ports are blocked (they were never blocked) and also connected my ISP about any connection refuses or restrictions. Currently on my ISP side every connection and traffic is allowed.

Did anyone had the same issue before and has suggestions how to solve it. Every answer is welcome.

Thanks in Regards

Halil · ‎Dec 29 2019

Hello Community Members,

we got a solution for this problem. After we swapped the primary MX with the secondary on Meraki Dashboard, all connections came up and everythinf worked fine again. I cannot see any reason or relate any point how this solved my issue but it worked. It seems like a bug.

View solution in original post

NolanHerring · ‎Dec 17 2019

You can try having Meraki support move your ORG to one of the 'new' nodes. I did this because I was having issues initially with registry status, and after doing so it has been solid since.

Nolan Herring | nolanwifi.com

Halil · ‎Dec 17 2019

I currently noticed that I dont have any internet connection on any of my clients. My MX is online and can ping google.com

Nash · ‎Dec 17 2019

Oh, that's interesting in a bad way.

What happens if you run pcaps off your primary WAN interface and off LAN? I'd save them as a proper pcap and review in Wireshark.

What traffic do you see?

Windows 10 Client VPN scripts: Makes life better!

Nash · ‎Dec 17 2019

I've also requested to have a network moved to a different registry, when the MX kept losing connectivity to the registry.

Windows 10 Client VPN scripts: Makes life better!

PhilipDAth · ‎Dec 17 2019

Does the internet connection attach directly to your MX so you have a public IP on the MX?

Or does the MX get a private IP address because something else is doing NAT in front of it?

Halil · ‎Dec 29 2019

Hello Community Members,

we got a solution for this problem. After we swapped the primary MX with the secondary on Meraki Dashboard, all connections came up and everythinf worked fine again. I cannot see any reason or relate any point how this solved my issue but it worked. It seems like a bug.

JohnPaul · ‎Jan 29 2020

We have an MX100 primary and secondary and at times it takes a reboot or two to get them to work again. This must be a bug?

Schultz · ‎Mar 23 2023

I had the same problem and swapping the primary and secondary MX has solved the problem. Thank you!

Meraki

Community

Urgent: VPN Registry: Disconnected.

Urgent: VPN Registry: Disconnected.