cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN Registry: Partially connected - What does this mean ?

SOLVED
Here to help

VPN Registry: Partially connected - What does this mean ?

Hi All

 

On the VPN status page I have a couple of sites that "once in a while" displays the yellow (warning) VPN Registry: Partially connected. (like in the picture).Partially.PNG

This is a Hub and Spoke setup (not full mesh), and even though we have multiple Hubs, one spoke is only configured for a single Hub (and full tunnel to that Hub), no failover.

 

From the text of the warning, i would presume that everythings works fine, but .... ( Just a quick sidenote, the registration is normally Green and good, but sometimes it turns yellow with that message).

 

Our question is, what does this mean ?

I have been searching the Meraki documentation, and on this forum, but I do not seem to be able to find a specific correct answer. Any suggestions ?

 

/Thomas

 

1 ACCEPTED SOLUTION

Accepted Solutions
Meraki Employee

Re: VPN Registry: Partially connected - What does this mean ?

AutoVPN uses a Registry hosted in the cloud in order to provision VPNs. A Registry holds the record of all the MXs in an organisation and other information needed in order to automatically push the required configurations when new VPN tunnels are created.

 

VPN Registries have HA configuration and usually the security appliance is able to connect to more than one instance of the VPN registry at the time. My understanding is that the warning may indicate that the Security Appliance is having trouble connecting to one of the registries.

 

This will not affect your already provisioned VPNs, nor it will normally affect the configuration of new VPN tunnels.

 

If you do experience the issue with new VPN tunnels provisioning contact support and they should be able to help.

6 REPLIES 6
Meraki Employee

Re: VPN Registry: Partially connected - What does this mean ?

AutoVPN uses a Registry hosted in the cloud in order to provision VPNs. A Registry holds the record of all the MXs in an organisation and other information needed in order to automatically push the required configurations when new VPN tunnels are created.

 

VPN Registries have HA configuration and usually the security appliance is able to connect to more than one instance of the VPN registry at the time. My understanding is that the warning may indicate that the Security Appliance is having trouble connecting to one of the registries.

 

This will not affect your already provisioned VPNs, nor it will normally affect the configuration of new VPN tunnels.

 

If you do experience the issue with new VPN tunnels provisioning contact support and they should be able to help.

Here to help

Re: VPN Registry: Partially connected - What does this mean ?

Thank you for the answer - it makes sense.

 

But this opens another question for me 🙂

 

If the Registry status turns red, does this just mean that the MX or Z3 cannot reach the registry, but the already established VPN connection continuous to work fine ? (unless something changes in the network in that time where the registry status is red).

 

/Thomas

Highlighted
Meraki Employee

Re: VPN Registry: Partially connected - What does this mean ?

You're welcome.

 

Yes - already established VPNs should function just fine even if the Registry status goes red.

The only time Registry is really involved is when you provision a new VPN tunnel.

Kind of a big deal

Re: VPN Registry: Partially connected - What does this mean ?

Support can change the registry your ORG uses to a new one they have, but they have to be contacted for that. I did it because I was seeing the same issue, presumably because it was 'overloaded' or something. Once they moved my ORG to use the new one, no more issues.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Conversationalist

Re: VPN Registry: Partially connected - What does this mean ?

My Org had exactly the same issue. Contacted support and they arranged to move to their new vpn registry servers. Since then we have had no more of these alerts in our dashboard event logs.

Comes here often

Re: VPN Registry: Partially connected - What does this mean ?

I have recently deployed 5 Meraki devices and setup site-site VPNs which are all working fine. Since day 1 I have been seeing this "VPN Registry: Partially connected" message and red lines in the VPN Status page. I contacted support who first suggested port blocking by upstream firewalls but we have no upstream firewalls. I pointed support to this thread and they then suggested we could move to new VPN Registry servers but would incur 20mins downtime.

 

I think I would rather see the red lines than have to schedule the downtime. Assuming this is a cloud issue it seems strange Meraki have not managed to address this internally?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.