VPN Registry

Solved
Billy
Getting noticed

VPN Registry

I keep seeing log messages like:

 

Jan 19 11:15:46HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 11:15:23HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 11:14:29HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 11:14:16HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 10:48:27HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true
Jan 19 10:48:00HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: false
Jan 19 10:46:56HUB-MAST VPN registry connectivity changevpn_type: site-to-site, connectivity: true

 

and on the VPN status:

  • VPN Registry: Partially connected. This security appliance is able to connect to at least one VPN registry using outbound UDP port 9350.

or

MX is unable to reach VPN registry

 

So my question is, does temporarily loosing connectivity to the VPN Registry affect the tunnels that have already been established, in any way? 

 

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.

View solution in original post

9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.


@PhilipDAth wrote:

It has no effect at all on established tunnels.

 

And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port.


Thanks PhilipDAth

MilesMeraki
Head in the Cloud

I had this on-going problem with one of our MX's. I opened a support case and Meraki support advised that this problem normally arises when the MX is having problems connecting to one of the registries. They manually changed the registry which ours connected to and I then stopped seeing these events in our event log.

 

I'd advise contacting support so they can do the same for you.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)


@MilesMeraki wrote:

I had this on-going problem with one of our MX's. I opened a support case and Meraki support advised that this problem normally arises when the MX is having problems connecting to one of the registries. They manually changed the registry which ours connected to and I then stopped seeing these events in our event log.

 

I'd advise contacting support so they can do the same for you.


I see. I assume that the vpn registries that are currently assigned are not optimal.

Thanks, I will contact the support about that

nst1
Building a reputation




what records it refers to, I have the same problem.

This does have an affect on new tunnels being established, or in cases where the public IP address of the hub is changed. This has been going on for over a year for us with many partial to full registry disconnects on all our sites.

KevinChinSTI
Conversationalist

I was getting the same errors on my end.  I was speaking to my team and we believe we need an upgrade to our equipment.  We continue to add more and more devices.  Everything was showing up on the dashboard, but not able to establish a VPN connection.  We removed the network template to the device, re-added it the same template, and the device came back up.  For some reason the equipment was 'stuck' in a phase and not able to establish the connection back to our VPN network.  VPN is up and running correctly.

Eric354
New here

I have this same issue with 1 site. Meraki support has "manually changed the registry which ours connected to" that solves the problem but only temporarily. It will return in a week or month, timing is random.

 

Would like to see a fix for this that is not temporary.

nst1
Building a reputation

I had to open a case with Meraki TAC.
 
The only thing they told me was that it was a known issue.
 
But they still didn't know which version it would be resolved in.
 
So they made an adjustment in the backend but they never told me what it was.
 
Since that moment the problem has not occurred again.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels