VPN Registry Disconnected

Comes here often




I have a situation at my customer where two Internet connections are being used.


Internet1 has gone down, keeping traffic over Internet2. Even with Internet2 up, the VPN Registry was in Disconnected mode, but the VPN status was showing as up.





After I forced Internet2 as the primary uplink and disabled Active-Active Auto VPN, the VPN registry came back to the Connected state again.


My question is: even if Internet1 is down and the VPN registry is in a disconnected state, would the data traffic between the spoke and hub sites work normally?

Head in the Cloud

Re: VPN Registry Disconnected

@JonasResende: I saw that type of issue earlier here, and the resolution is to reboot the upstream modem/router equipment and, if that doesn't resolve it, reboot the MX.


See this issue log 



Check this one as well



Inderdeep Singh
Kind of a big deal

Re: VPN Registry Disconnected

@JonasResende we see this all the time where it goes from green to yellow and sometimes red.  It doesn't affect connections that are already up, but it would stop new connections being made while it was disconnected.


How often do you see it completely disconnected? If more than occasionally, you can raise a support ticket to be moved to a different cloud server.


We were going to do that but it calmed down and we only occasionally see red now, and it has never affected the site to site connections.

Kind of a big deal

Re: VPN Registry Disconnected

@JonasResende Are there any messages in the event log? The VPN registry connection is only required to first establish the VPN tunnels, and then when the keys are renewed. So the tunnel will stay up even if the VPN registry connection is lost.


You can sometimes lose registry connectivity if the Meraki registry server is overloaded, and you’ll likely be able to see that in the log - lots of registry connectivity losses and connections. Of course, it is just possible that there is something upstream blocking the connection - the VPN registry uses UDP ports 9350 and 9351, and you can find the IP addresses for your org by looking under Help -> Firewall Info.
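
The reply above separates two patterns in the event log: many short registry losses and reconnections, versus a connection that stays down because something upstream blocks it. The following is an added example, not code from this thread or from Meraki, that tells the two apart; the event tuples are constructed sample data and the thresholds and function names are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real Meraki log output):
# (ISO timestamp, True if the registry was reported connected)
SAMPLE_FLAPPING = [
    ("2024-01-10T09:00:00", False), ("2024-01-10T09:00:40", True),
    ("2024-01-10T09:05:10", False), ("2024-01-10T09:05:55", True),
    ("2024-01-10T09:12:00", False), ("2024-01-10T09:12:30", True),
]
SAMPLE_BLOCKED = [("2024-01-10T09:00:00", False)]  # never reconnects


def outages(events, end):
    """Return (start, duration) per disconnected interval.

    An interval still open at the end of the log runs until `end`.
    """
    result, down_since = [], None
    parsed = sorted((datetime.fromisoformat(t), c) for t, c in events)
    for ts, connected in parsed:
        if not connected and down_since is None:
            down_since = ts                      # outage begins
        elif connected and down_since is not None:
            result.append((down_since, ts - down_since))
            down_since = None                    # outage ends
    if down_since is not None:
        result.append((down_since, end - down_since))
    return result


def classify(events, end, flap_min=3, sustained=timedelta(minutes=15)):
    """Label a log window. Thresholds are assumed, not vendor guidance."""
    spans = outages(events, end)
    if not spans:
        return "healthy"
    if max(duration for _, duration in spans) >= sustained:
        # Long outage: check upstream devices for blocked UDP 9350/9351
        return "sustained-loss"
    if len(spans) >= flap_min:
        # Many short losses and reconnections, as described in the reply
        return "flapping"
    return "occasional"


if __name__ == "__main__":
    window_end = datetime(2024, 1, 10, 10, 0, 0)
    print(classify(SAMPLE_FLAPPING, window_end))
    print(classify(SAMPLE_BLOCKED, window_end))
```
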
