Looking to set up split tunnel on Meraki network to bypass SASE Zscaler firewall for specific VLAN
We are deploying a new VoIP system through our network. We are using Ribbon SBC 100. We also have recently deployed a new SASE firewall on the network, Zscaler. The problem is when we turn on the Zscaler tunnel on the specific network, the SBC drops the connection. With Zscaler enabled, the “SIP/2.0 200 OK” isn’t being returned to the SBC when it sends out the OPTIONS packets. The way Zscaler works is it sends outbound traffic to Zscaler to be inspected and then returns, but with a different IP. The SBC does not recognize this traffic and therefore drops it.
The solution we were looking into is to bypass the Zscaler tunnel completely and set up a split tunnel. We are not sure how to do this though. We are using Meraki MX-100 for smaller sites and an MX-250 for larger sites. We have a GRE Cisco 891F we have to test as well.
Any help would be appreciated!
- Labels: 3rd Party VPN, Firewall, Other
Did you find this KB article? https://documentation.meraki.com/MX/Site-to-site_VPN/VPN_Full-Tunnel_Exclusion_(Application_and_IP%2...)
Sorry, I get a "Page not found" error message.
Thank you, I found this article: ZIA & Application Layer Gateway Enabled Applications
How do we bypass Zscaler by changing the configuration on the firewall or router when configuring your GRE or IPSec tunnel?
Are your Zscaler tunnels stood up between your MXs and the Zscaler datacenters? Or does the internet/Zscaler-bound traffic traverse a Meraki AutoVPN tunnel back to a head-end somewhere?
I think it's the first one, we are using an IPSec tunnel, though we are looking into switching to GRE if needed.
MX does not support GRE - IPsec is indeed the protocol to use.
We have a Cisco 800 series we are looking to add to our setup if GRE is required.
We have resolved this issue by bypassing the VoIP VLAN from the Zscaler tunnel altogether.
