I never implemented a VPN to Zscaler and I also try to avoid Aggressive mode where possible ... You mention that you use the "User FQDN" as both the local and remote ID. That is probably not correct, as the remote ID is the string that the Zscaler has configured as a local ID.