Meraki

Community

VPN Registry

Solved
Billy
Getting noticed
‎Jan 18 2018 5:43 PM
‎Jan 18 2018 5:43 PM

VPN Registry

I keep seeing log messages like:

 

Jan 19 11:15:46HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 11:15:23HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 11:14:29HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 11:14:16HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 10:48:27HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 10:48:00HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 10:46:56HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true

 

and on the VPN status:

  • VPN Registry: Partially connected. This security appliance is able to connect to at least one VPN registry using outbound UDP port 9350.

or

MX is unable to reach VPN registry

 

So my question is, does temporarily loosing connectivity to the VPN Registry affect the tunnels that have already been established, in any way? 

 

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 18 2018 6:03 PM
‎Jan 18 2018 6:03 PM

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.

View solution in original post

9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 18 2018 6:03 PM
‎Jan 18 2018 6:03 PM

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.

In response to PhilipDAth
Billy
Getting noticed
‎Jan 18 2018 6:38 PM
‎Jan 18 2018 6:38 PM

@PhilipDAth wrote:

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.

Thanks PhilipDAth

0 Kudos
In response to Billy
MilesMeraki
Head in the Cloud
‎Jan 18 2018 11:16 PM
‎Jan 18 2018 11:16 PM

I had this on-going problem with one of our MX's. I opened a support case and Meraki support advised that this problem normally arises when the MX is having problems connecting to one of the registries. They manually changed the registry which ours connected to and I then stopped seeing these events in our event log.

 

I'd advise contacting support so they can do the same for you.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
In response to MilesMeraki
Billy
Getting noticed
‎Jan 21 2018 3:01 PM
‎Jan 21 2018 3:01 PM

@MilesMeraki wrote:

I had this on-going problem with one of our MX's. I opened a support case and Meraki support advised that this problem normally arises when the MX is having problems connecting to one of the registries. They manually changed the registry which ours connected to and I then stopped seeing these events in our event log.

 

I'd advise contacting support so they can do the same for you.

I see. I assume that the vpn registries that are currently assigned are not optimal.

Thanks, I will contact the support about that

In response to Billy
nst1
Building a reputation
‎Apr 24 2019 11:06 AM
‎Apr 24 2019 11:06 AM




what records it refers to, I have the same problem.
0 Kudos
In response to PhilipDAth
JohnPaul
Getting noticed
‎Jan 29 2020 2:36 PM
‎Jan 29 2020 2:36 PM

This does have an affect on new tunnels being established, or in cases where the public IP address of the hub is changed. This has been going on for over a year for us with many partial to full registry disconnects on all our sites.

0 Kudos
KevinChinSTI
Conversationalist
‎Jul 16 2021 8:58 AM
‎Jul 16 2021 8:58 AM

I was getting the same errors on my end.  I was speaking to my team and we believe we need an upgrade to our equipment.  We continue to add more and more devices.  Everything was showing up on the dashboard, but not able to establish a VPN connection.  We removed the network template to the device, re-added it the same template, and the device came back up.  For some reason the equipment was 'stuck' in a phase and not able to establish the connection back to our VPN network.  VPN is up and running correctly.

Eric354
New here
‎Mar 29 2024 8:03 AM
‎Mar 29 2024 8:03 AM

I have this same issue with 1 site. Meraki support has "manually changed the registry which ours connected to" that solves the problem but only temporarily. It will return in a week or month, timing is random.

 

Would like to see a fix for this that is not temporary.

0 Kudos
nst1
Building a reputation
‎Mar 29 2024 9:58 AM
‎Mar 29 2024 9:58 AM

I had to open a case with Meraki TAC.
 
The only thing they told me was that it was a known issue.
 
But they still didn't know which version it would be resolved in.
 
So they made an adjustment in the backend but they never told me what it was.
 
Since that moment the problem has not occurred again.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.