Any best practice for ZIA intergration of tunnels with Cisco Meraki?


I am working on a client architecture and am trying to scope how their present Cisco Meraki MX64-based infrastructure would be suitable to tunnel traffic to ZIA from the retail shops to the Zscaler cloud.

The customer is happy with Meraki and plans to activate new shops using the same technology.

Are there best practices for the integration of Meraki with ZIA?

I have read that their current IPsec tunneling feature does NOT support two tunnels running in parallel, with the secondary providing backup to the primary in case of a node/DC/exchange outage.

Is this still the case with the latest Meraki firmware?

Any advice is very much welcome!

Best regards,

Luca Bertagnolio
CryptoNet Labs

Hi Luca,

As you said Meraki MX does support IPSEC tunnels to Zscaler but doesn’t support failover. Obviously this should be double checked with Meraki, they may have enhancements we are not aware of.
This can be good enough for some customers as we have partners doing it at a large scale. We have a short configuration article here: Cisco Meraki MX - routing (tunnels) deployment | Cloudi Fi Knowledge Base

Damien Chastrette

1 Like

Thanks @damien, a very good article!

Bye, Luca