IPSec Tunnel using "User FQDN" to Zscaler

stevef1
New here

IPSec Tunnel using "User FQDN" to Zscaler

Hi All,

 

We are trying to establish IPSec tunnel to Zscaler from our Meraki device. There are two ways we can do this on Zscaler side: 

1. By whitelisting the public IP of the Meraki and using pre-shared key

2. Using "User FQDN" e.g. test@domain.com and pre-shared key

 

We can successfully establish a tunnel using option 1 above, however, since our IP's are dynamic, they could change at any time, or fail over to 4G backup. So, instead we want to use "user FQDN" option, however, we cannot get session established.

 

There is an ISP device which sits between the Meraki and the internet, however, I don't feel like this is causing issues since option 1 above works.

 

We've enagaged Meraki support to enable IKE Agressive Mode + User FQDN via the backend, and it seems to be done, and we've tried adding the user FQDN to both the Local ID and Remote ID fields and the session still does not get established.

 

Has anyone gotten "User FQDN" + Zscaler IPSec tunnel working? Or even gotten "User FQDN" working with some other 3rd party VPN?

1 Reply 1
KarstenI
Kind of a big deal
Kind of a big deal

I never implemented a VPN to Zscaler and I also try to avoid Aggressive mode where possible ...

You mention that you use the "User FQDN" as both the local and remote ID. That is probably not correct, as the remote ID is the string that the ZScaler has configured as a local ID.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels