VPN Registry Retrieve Only 2 Request

Solved
MakaraMEAS

Good Afternoon Community,

I would like to open this discussion regarding a Meraki MX showing VPN registry disconnected. We checked the logs on the upstream firewall and noticed that the source MX only tries two requests to the VPN Registry. Has anyone faced the same issue, and has the problem been fixed?

Your answers and comments are very much appreciated.

Thanks, Stay Safe.
Makara.

M.MAKARA
1 Accepted Solution
MakaraMEAS

Dear Community,

The Meraki MX keeps sending requests through the back-end. When we took a pcap on the upstream device, we still saw the request traffic with the same src and dst ports to the VPN Registry server. You may need to change the session settings on the upstream device, such as UDP discard, etc., as the MX uses UDP ports 9350-9351 to the VPN Registry server.

Thanks, BR,

M.MAKARA


4 Replies
Inderdeep

@MakaraMEAS: Can you check the thread below? It may be helpful for you!

https://community.meraki.com/t5/Security-SD-WAN/VPN-Registry-Disconnected/m-p/114950#M28848

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
MakaraMEAS

Thank you so much @Inderdeep,
We have tried those reboots, and yes, it is working.
But we noticed in the logs that the VPN connection to the registry retries only two requests. If the MX's 2 requests to the VPN registry fail, it will not retry again and shows VPN registry disconnected. Are there any other solutions instead of rebooting the MX or upstream devices?

Thanks,

M.MAKARA
MakaraMEAS

Dear Community,

The problem is the upstream device: because the MX still keeps retrying to connect to the VPN registry (dst UDP 9350-9351) every 10s, the upstream device keeps that session from the MX alive.
Restarting the MX or modem forces a reset of the source port that the MX uses to connect to the VPN registry; it is not a good solution in production or in a VPN concentrator deployment.

So the solution should be to check and fix the upstream device, such as the upstream firewall or ISP.

Thanks, BR,

M.MAKARA
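
Why the session on the upstream device never clears, as an added example (not from the posts above and not Meraki code): a toy model of a stateful device's UDP session table. The 30 s idle timeout, the addresses and the source ports are constructed assumptions; only the 10 s retry interval and destination UDP port 9350 come from the thread.

```python
from dataclasses import dataclass


@dataclass
class Session:
    created: int    # time the table entry was first created (seconds)
    last_seen: int  # time of the most recent packet on this flow


class UdpSessionTable:
    """Toy stateful device: one entry per flow, dropped after idle_timeout s of silence."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.sessions = {}
        self.created_count = 0

    def packet(self, now, flow):
        s = self.sessions.get(flow)
        if s and now - s.last_seen >= self.idle_timeout:
            del self.sessions[flow]          # entry aged out before this packet
            s = None
        if s is None:
            s = self.sessions[flow] = Session(now, now)
            self.created_count += 1
        s.last_seen = now                    # every retry refreshes the idle timer
        return now - s.created               # age of the entry this packet matched


def simulate(retry_interval, idle_timeout, duration, new_src_port_at=None):
    """Return (entries created, age of the entry matched by the last retry)."""
    table = UdpSessionTable(idle_timeout)
    age = 0
    for now in range(0, duration + 1, retry_interval):
        # Constructed flow: documentation addresses, hypothetical source ports.
        changed = new_src_port_at is not None and now >= new_src_port_at
        src_port = 40001 if changed else 40000
        flow = ("192.0.2.10", src_port, "198.51.100.20", 9350, "udp")
        age = table.packet(now, flow)
    return table.created_count, age


if __name__ == "__main__":
    print("same src port, 10 s retries :", simulate(10, 30, 600))
    print("src port changes at t=300 s :", simulate(10, 30, 600, new_src_port_at=300))
    print("idle timeout below retry gap:", simulate(10, 5, 600))
```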