APs going offline with T-Mobile - Zscaler non-Meraki-peer tunnels

RDD

Hello,


We have been using Meraki non-peer Zscaler tunnels with both Verizon and AT&T gateways for a while now. For the most part they have worked, with only some issues from time to time. We recently started testing T-Mobile Katalyst gateways, and when the Zscaler tunnel is enabled the APs fail immediately. We drop the tunnel and the APs come back online. Has anyone had this issue with T-Mobile? The setup we are using is exactly the same as with the other gateways. We are using IPsec with IKEv2 and the standard default Zscaler settings.


Thanks,

alemabrahao

Do you know if they use CGNAT? If so, this adds packet overhead and can interfere with IPsec tunnels, especially with IKEv2 and default MTU sizes of 1500 bytes.
MTU fragmentation is a known problem with Zscaler on wireless ISPs like T-Mobile. Reducing the MTU in the Zscaler policy or on the tunnel interface usually solves the problem.


Working with T-Mobile 5G internet at home doesn't work with Meraki VPN - Cisco Community

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
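The MTU point in the reply above, worked through as an added example that is not part of the original thread and is not Meraki or Zscaler code. A NAT in the path (CGNAT included) makes IKEv2 negotiate NAT-T, so every ESP packet picks up an extra 8-byte UDP/4500 header on top of the outer IP header, the ESP header, IV, padding, trailer and ICV. The calculator below computes that overhead from the standard RFC 4303/4106 field sizes for two common child-SA transforms, derives the largest inner MTU that fits under a given path MTU, and the TCP MSS to clamp so no segment needs fragmentation. The 1500-byte path MTU is an assumed starting point, not a measured value, and the two suites are assumptions, not the settings Zscaler negotiates in the poster's environment.

```python
"""ESP overhead / inner-MTU calculator for IKEv2 tunnels behind NAT (added example).

Field sizes are from RFC 4303 (ESP) and RFC 4106 (AES-GCM in ESP). The cipher
suites and the 1500-byte path MTU are assumptions for illustration.
"""
from dataclasses import dataclass

IP4_HDR = 20       # outer IPv4 header
IP6_HDR = 40       # outer IPv6 header
UDP_HDR = 8        # NAT-T (UDP/4500) encapsulation, negotiated whenever a NAT is detected
ESP_HDR = 8        # ESP header: SPI (4) + sequence number (4)
ESP_TRAILER = 2    # ESP trailer: pad length (1) + next header (1)


@dataclass(frozen=True)
class EspSuite:
    """Per-packet ESP parameters that depend on the negotiated transform."""
    name: str
    iv_len: int     # bytes of IV sent in clear ahead of the encrypted payload
    align: int      # payload + trailer must be a multiple of this (cipher block, or 4 for AEAD)
    icv_len: int    # integrity check value appended after the trailer


# Assumed transforms: RFC 4106 AES-GCM with 16-byte ICV, and AES-CBC with HMAC-SHA256-128.
AES_GCM_128 = EspSuite("AES-GCM-128 (16-byte ICV)", iv_len=8, align=4, icv_len=16)
AES_CBC_SHA256 = EspSuite("AES-CBC-128 + HMAC-SHA256-128", iv_len=16, align=16, icv_len=16)


def esp_padding(inner_len: int, suite: EspSuite) -> int:
    """Bytes of ESP padding needed so payload + 2-byte trailer meets the alignment."""
    return (-(inner_len + ESP_TRAILER)) % suite.align


def encapsulated_size(inner_len: int, suite: EspSuite,
                      nat_t: bool = True, ipv6_outer: bool = False) -> int:
    """On-the-wire size of one tunnel-mode ESP packet carrying an inner_len-byte IP packet."""
    outer_ip = IP6_HDR if ipv6_outer else IP4_HDR
    return (outer_ip + (UDP_HDR if nat_t else 0) + ESP_HDR + suite.iv_len
            + inner_len + esp_padding(inner_len, suite) + ESP_TRAILER + suite.icv_len)


def max_inner_mtu(path_mtu: int, suite: EspSuite,
                  nat_t: bool = True, ipv6_outer: bool = False) -> int:
    """Largest inner packet that encapsulates without exceeding path_mtu.

    Walks downward from path_mtu because padding makes the overhead vary
    by a few bytes from one inner size to the next; the walk is short
    (fixed overhead plus at most one alignment block).
    """
    inner = path_mtu
    while inner > 0:
        if encapsulated_size(inner, suite, nat_t, ipv6_outer) <= path_mtu:
            return inner
        inner -= 1
    raise ValueError("path MTU too small for any ESP payload")


def tcp_mss(inner_mtu: int, ipv6_inner: bool = False) -> int:
    """TCP MSS to clamp at the tunnel so full-size segments never need fragmentation."""
    return inner_mtu - (IP6_HDR if ipv6_inner else IP4_HDR) - 20   # 20 = TCP header, no options


def tunnel_plan(path_mtu: int = 1500, nat_t: bool = True) -> dict:
    """Inner MTU, MSS and total overhead for each assumed suite at the given path MTU."""
    plan = {}
    for suite in (AES_GCM_128, AES_CBC_SHA256):
        inner = max_inner_mtu(path_mtu, suite, nat_t)
        plan[suite.name] = {"inner_mtu": inner,
                            "tcp_mss": tcp_mss(inner),
                            "overhead": path_mtu - inner}
    return plan


if __name__ == "__main__":
    for nat in (False, True):
        print(f"path MTU 1500, NAT-T {'on' if nat else 'off'}:")
        for name, p in tunnel_plan(1500, nat).items():
            print(f"  {name:32} inner MTU {p['inner_mtu']:5}  "
                  f"TCP MSS {p['tcp_mss']:5}  overhead {p['overhead']:3}")
```

With a 1500-byte path and AES-GCM, NAT-T alone drops the usable inner MTU from 1446 to 1438 bytes, and a CBC+HMAC transform needs another 16 bytes of headroom. A cellular path often has a path MTU below 1500 before the tunnel is even added, so measure it (for example with a don't-fragment ping of decreasing size toward the Zscaler node) and pass the measured value to `tunnel_plan` rather than assuming 1500; the inner MTU and MSS it returns are the figures to set on the tunnel interface or in the policy that the reply suggests lowering.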