Local routes when Private Access is enabled

Hello Community,

I am an embedded software developer and, like many people currently, I work from home. My company recently switched from a VPN based solution to ZScaler Private Access. When Private Access is enabled I am having trouble accessing my development network. Here’s my configuration:

  • I have my private network with internet access (192.168.1.0/24)
  • I have a local development network (172.16.0.0/24)
  • I use a tunnel to my company via Zscaler private access.

I can access my private network without any issues, even when private access is enabled. But I can’t access my local development network. I had similar issues with the previous VPN solution, but I was able to solve the issue with a static route. Unfortunately this solution doesn’t work for ZScaler.

My company’s IT support knows even worse than I do :smiley:

Do you have an idea how to fix the issue? Currently I have to enable and disable ZScaler Private Access multiple times per hour.

Regards,
Andy

Hi Andy,
Resolving your problem very much depends on how your company has configured Private Access, Internet Access (if you have it), and your client connector endpoint agent. If you message me here with your company details I can reach out to the Zscaler team assigned to your company to loop them in. Otherwise having your Zscaler admin open a ticket with our TAC would be the best approach. This way we can work with you and your internal team to see what’s happening and recommend a solution.

Mike

1 Like

I think your IT team has added all private subnets in the configuration hence ZCC is picking up all traffic.
You will have to reach out to them to modify the configuration or you can do a route print and see what route shows for 172.16.0.0/24.
If your company is using route based configuration then you can add a persistent route which will resolve your issue temporarily as Zscaler app would re-write the routes.

Just read your details again, so they must be using packet filter configuration and not route based configuration. You can confirm by running a route print on your machine and you should see routes with gateway as 100.64.x.x IP.
If you don’t see it as above then it is definitely using packet filter configuration.
So the resolution would be to change the ZPA configuration to not pick all Private IP ranges or use route based configuration with a static persistent route.

1 Like
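The `route print` check suggested in the reply above, as an added example that is not part of the original thread: it parses the IPv4 route table, reports whether any route uses a 100.64.x.x gateway, and shows which route wins for a host on the development network. The sample table is constructed and the function names are hypothetical.

```python
import ipaddress

# Gateway range named in the reply above (100.64.x.x).
TUNNEL_GATEWAYS = ipaddress.ip_network("100.64.0.0/16")

# Constructed sample of the IPv4 "Active Routes" table from `route print`.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
       172.16.0.0      255.240.0.0       100.64.0.1      100.64.0.2      1
       172.16.0.0    255.255.255.0          On-link     172.16.0.10    281
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, gateway, metric) for each IPv4 route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator, IPv6 or persistent-route line
        dest, mask, gateway, _iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, int(metric)))
        except ValueError:
            continue
    return routes

def via_tunnel(route):
    """True if the route's gateway is a 100.64.x.x address."""
    gateway = route[1]
    return gateway != "On-link" and ipaddress.ip_address(gateway) in TUNNEL_GATEWAYS

def best_route(routes, address):
    """Longest-prefix match; lowest metric breaks ties."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def diagnose(text, dev_host):
    routes = parse_routes(text)
    chosen = best_route(routes, dev_host)
    return {
        "has_100_64_gateway": any(via_tunnel(r) for r in routes),
        "dev_route": chosen,
        "dev_via_tunnel": chosen is not None and via_tunnel(chosen),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE, "172.16.0.20"))
```

In the constructed table the more specific on-link /24 route wins for 172.16.0.20, while a host outside that /24 but inside 172.16.0.0/12 goes to the 100.64.x.x gateway.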

The team supporting your company directly has been informed of your issue, and I shared your contact info with them. You should hear from them shortly.

Cheers,
mike

1 Like