VPN to Zscaler

Fabian1
Getting noticed


Hi everyone,

 

Does anybody have a VPN tunnel to Zscaler via a Meraki MX?

We have an issue: if we have many sub-networks (local networks on the MX) configured, Zscaler support complains that we have too many policies configured (VPN SA). But we use IKEv2, so that shouldn't be a problem at all; that is also what Meraki support tells us. Now I reduced the local networks to 4, but they are still not happy with our configuration.

Has anyone faced the same problem with them? Do you have a good solution for this case?

 

Best

4 Replies
Inderdeep
Kind of a big deal

@Fabian1: I will see any solution, but I would recommend you take it up with support to get it done.

https://community.zscaler.com/t/ipsec-tunnel-using-user-fqdn-to-from-cisco-meraki-to-zscaler/8970/3

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
MarkusP
New here

Hi Fabian,

 

Were you able to establish the Zscaler IPsec tunnel using IKEv2 settings?

If so, could you share the settings?

 

Thanks,

 

Markus

Hi Markus,

 

We used the standard Meraki IKEv2 settings for Zscaler. I just had to add the public IP of the MX to Local ID. You can also use User FQDN if the IP is not static.

 


Naray
Just browsing

Hi @Fabian1

 

How is failover working between Zscaler Frankfurt and Munich?

 

At branch sites I have internet and MPLS. I am planning to advertise proxy 1 IP via the primary link (i.e. private subnet of non-Meraki VPN peer), and proxy 2 IP via the secondary/backup Zscaler link initiated via the local internet link, while proxy 3 will be advertised via AutoVPN (proxy 3 will be advertised via Zscaler in the DC). All 3 proxy IP addresses will be configured in the PAC file. Any thoughts on this?
