C2C,S2S,C2S,S2C Connectivity using ZPA

Hello Team,

I have a question related to ZPA service. Two branch offices say A & B are connected to ZSCALER cloud( for ZPA services ) using IPSEC. I read in Zscaler document that User ( initiator ) to Server communication is the only possibility while other communications like Client to Client, Server to Server , Server ( initiator ) to client are not possible. Am I right ? if yes, then do you have solution in roadmaps regarding this.


Thanks for posting Prashant!

ZPA does not use IPSEC, but instead relies on the Zscaler Client Connector to authenticate and forward traffic to ZPA. The Client Connector is installed on the user’s device and can operate when on or off the trusted corporate network. If traffic originates from something else, like a server or an IoT device where the Client Connector cannot or is not used, we have Zscaler Cloud Connector and Zscaler Branch Connector that enable you to apply ZPA and ZIA policies to the traffic.

I hope this helps answer your questions.

Thanks a lot Philip for your reply !

I thought IPSEC can be built as ZIA permits it.
Q1 : In that case, how a branch/DC connects to Zscaler ZPA cloud (Q1) ?

Now, let me tell you exact scenario. I want to connect two branches A & B ( consider that these are two different companies ) and they need restricted access may be few applications, FTP between each other etc. In order to use ZPA service as per your answer, I can use as per below :

  1. Zscaler Client Connector for user to application traffic ( app connector )
  2. Zscaler Cloud Connector and Zscaler Branch connector for Client to Client, Server to Server , Server ( initiator )

Q2 : Am I right ?

Could you please refer me any official doc for similar scenario.