ZPA App Segment Internal IP uses the same 192.168.x.x network as User's Local Home network

Good day Zscaler Community,

We had a Troubleshooting Session with a User (whose mapped drives are inaccessible when using an IP, however when we use an FQDN the App can be successfully accessed)

and found that his local home network uses the same 192.168.x.x network that the ZPA App Segment Internal IPs also uses. Especially for an Application on 192.168.1.52 (that he is trying to access).

Question is: how do we resolve that?

How do we resolve a scenario where the User’s local home network uses the same 192.168.x.x network that the ZPA App Segment Internal IP also uses for an App on: 192.168.1.52

Thank you, kind regards

Michael M.

1 Like

I think you’ve answered your own question there.
They should map the drives and access resources by FQDN. This avoids any kind of routing issue.
Anything within the same broadcast domain would explicitly route directly (e.g. an app segment 192.168.1.0/24 and the users network being 192.168.1.0/24 wouldn’t work).
The one caveat would be advertising an application 192.168.1.1/32 would be a more specific route into ZPA, and should work.
My recommendation is always to avoid IP addresses in ZPA unless absolutely necessary, and even then make them host IP’s rather than network ranges.

Hi @mryan

Thank you very much for your response.

We tried advertising the application 192.168.1.1/32 using a more specific route, but that didn’t work. However, the other related Apps use FQDNs. But there’s a part of this particular App’s configuration that requires an IP not an FQDN, hence we hit a snag and therefore needed help.

Kind regards,

Michael M.