IPsec Tunnel from Azure virtual Gateway to Zscaler

Hi,

We are currently trying to establish an IPsec connection from Azure via the Azure virtual gateway to Zscaler.
But at the moment it isn't working.
Does anyone have experience regarding this?

Thanks in advance.

Hi Constatin,

In the past there have been some limiting factors such as Azure VPN gateway not supporting NULL encryption and not initiating IKE. But today it should be possible to set up this outbound tunnel to Zscaler. Without any additional details it is hard to figure out why your setup is not working.

Before moving ahead with this … your email does not reveal much about the actual intent of the setup. Are you trying to build a highly available forwarding path of server workloads connecting to the Internet through ZIA? In that case Azure VPN gateway may not be the right choice. For example, so far it hasn’t proved to provide mechanisms to do an intelligent forwarding path failover from primary to secondary Zscaler DC based on L7 health-checks.

Not sure what you are trying to accomplish, but just wanted to let you know that this might be a blocker for running production workloads. There are better alternatives to achieve these goals …

2 Likes

Hi Luc,

I’m curious about what would be the best practice / recommended way to build a highly available forwarding path of server workloads connecting to the Internet through ZIA?
For now I’m also looking into setting up 2 IPsec tunnels from 1 Azure VPN gateway to 2 Zscaler locations. Failover/routing into these locations is a thing I’m struggling with.
I was also looking into the Azure Virtual WAN option but that is still in beta phase.

Hope to have added to the original question.

Regards, Martin

1 Like

We already solved the problem; it was a misconfiguration on our side in the Azure portal.

1 Like

Great if you can publish the steps to configure the same …

1 Like