Possible clash with internal 100.64.x.x range

Hey All,
We are having some strange issue, and I was wondering if this could possibly be the problem. New to ZScaler but from what I see you use 100.60.0.0/16 as tunnel destination.
My question: we have an Internet-facing network which uses our internal DNS with an IP in the 100.64.0.0/16 range. It sometimes works, but mostly the Zapp gives the following errors:
Internet Security = connection error
Private access = connecting…

After ‘restart service’ it connects fine.

On another network where I changed the DNS to a DNS server with a public IP it seems to work perfectly.

Please advise.

Also, what is the difference between the capture files (CaptureAdapters_* and CaptureLWF_*)?

Thanks y'all

These are carrier grade private addresses and you shouldn’t be using these on your network.

Hey Gordon, thanks for taking the time to reply.
I am aware of the DNS being in CGN space; it is somewhat of a legacy issue and is in the process of getting fixed.
My question was actually more on understanding how the technology would work and what would break.
Also about understanding what the differences are between the capture files.
If I could take a guess the capture with ‘LWF’ in the naming would be the ‘tunneled’ packets???

Hi Johnny,

I can at least tell you that zTunnel 1.0 tries to connect to 100.64.0.6 for tunnel establishment.
We have the same issue as you - we excluded this IP from our VPN encryption networks so it won't be sent into the VPN tunnel anymore.

Regards Tom
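
An added example, not part of any post in this thread: a Python check for the two conditions discussed above, namely internal addresses sitting in carrier-grade NAT space (100.64.0.0/10, RFC 6598) and VPN encryption networks that capture 100.64.0.6, the address the thread reports zTunnel 1.0 connecting to. The function names and the sample DNS and VPN lists are constructed for illustration.

```python
import ipaddress

# Tunnel destination as reported in the thread for zTunnel 1.0.
ZTUNNEL_DEST = ipaddress.ip_address("100.64.0.6")
# Shared address space reserved for carrier-grade NAT (RFC 6598).
CGN_SPACE = ipaddress.ip_network("100.64.0.0/10")


def audit(addresses, vpn_networks):
    """Return (addresses inside CGN space, VPN networks covering ZTUNNEL_DEST)."""
    in_cgn = [a for a in addresses if ipaddress.ip_address(a) in CGN_SPACE]
    capturing = [n for n in vpn_networks
                 if ZTUNNEL_DEST in ipaddress.ip_network(n)]
    return in_cgn, capturing


def exclude_dest(vpn_networks):
    """Rewrite the VPN network list so ZTUNNEL_DEST is no longer covered."""
    dest = ipaddress.ip_network(f"{ZTUNNEL_DEST}/32")
    result = []
    for net in map(ipaddress.ip_network, vpn_networks):
        if net.version == 4 and dest.subnet_of(net):
            if net != dest:
                # Split the network into the minimal set of subnets
                # that together cover everything except the one host.
                result.extend(net.address_exclude(dest))
        else:
            result.append(net)
    result.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in result]


if __name__ == "__main__":
    # Constructed sample configuration, not taken from the thread.
    dns_servers = ["100.64.10.53", "10.1.1.53", "192.0.2.53"]
    vpn_domains = ["10.0.0.0/8", "100.64.0.0/29"]

    in_cgn, capturing = audit(dns_servers, vpn_domains)
    print("DNS servers in CGN space:", in_cgn)
    print("VPN networks capturing tunnel destination:", capturing)
    print("VPN networks after exclusion:", exclude_dest(vpn_domains))
```
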