In a nutshell, we're trying to stand up a Classic route based IPSec tunnel between GCP VPN and Zscaler's ZEN (Zscaler Enforcement Node). Thus far we've been unable to establish successful phase 2 handshake regardless of IKEv1 or v2 cipher used. After looking at logs provided by Zscaler support pulled from the ZEN (remote peer), it looks like it's having trouble with the generic proposal sent by our GCP cloud VPN peer. According to Zscaler's documentation; they support all default settings used by GCP VPN for both IKEv1 & v2 (encryption integrity, mode, hash, DH, and lifetime), although they do indicate preferential settings within their documentation. According to the response from Zscaler support, they require a separate subscription for phase 2 AES encryption. They've inquired about the possibility of us configuring the GCP cloud VPN peer to send a NULL phase 2 proposal, however there are no specific configurable options for either cipher type within GCP classic cloud VPN. Has anyone encountered a similar situation between Zscaler and GCP regarding IPSec negotiation, and do you have any recommendations aside from purchasing the phase 2 AES encryption service from Zscaler? Thanks in advance for any recommendations and/or insights you can provide!
Unable to establish IPSec tunnel between GCP VPN (Classic) and Zscaler ZEN (Zscaler Enforcement Node)
685 Views Asked by Christopher Landolfi At
1
There are 1 best solutions below
Related Questions in NETWORKING
- Mock an Entity Framework class with JustMock inside another class
- Sitecore Unit Testing is not a success?
- The following setups were not matched - converting JustMock to Moq
- TestFixtureSetUpAttribute not found in JustMock?
- First Unit Tests! ASP.NET MVC with Repositories causing errors
- How to Mock Asynchronous Methods in JustMock?
- What is equivalent of moq.As in JustMock?
- JustMock - How to mock a method for all instances by returning the result of the equivalent method of another class (sharing a common interface
- How to properly unit test a class that takes a dependency using JustMock
- Using ReturnsAsync When Automocking in JustMock
Related Questions in GOOGLE-CLOUD-PLATFORM
- Mock an Entity Framework class with JustMock inside another class
- Sitecore Unit Testing is not a success?
- The following setups were not matched - converting JustMock to Moq
- TestFixtureSetUpAttribute not found in JustMock?
- First Unit Tests! ASP.NET MVC with Repositories causing errors
- How to Mock Asynchronous Methods in JustMock?
- What is equivalent of moq.As in JustMock?
- JustMock - How to mock a method for all instances by returning the result of the equivalent method of another class (sharing a common interface
- How to properly unit test a class that takes a dependency using JustMock
- Using ReturnsAsync When Automocking in JustMock
Related Questions in VPN
- Mock an Entity Framework class with JustMock inside another class
- Sitecore Unit Testing is not a success?
- The following setups were not matched - converting JustMock to Moq
- TestFixtureSetUpAttribute not found in JustMock?
- First Unit Tests! ASP.NET MVC with Repositories causing errors
- How to Mock Asynchronous Methods in JustMock?
- What is equivalent of moq.As in JustMock?
- JustMock - How to mock a method for all instances by returning the result of the equivalent method of another class (sharing a common interface
- How to properly unit test a class that takes a dependency using JustMock
- Using ReturnsAsync When Automocking in JustMock
Related Questions in IPSEC
- Mock an Entity Framework class with JustMock inside another class
- Sitecore Unit Testing is not a success?
- The following setups were not matched - converting JustMock to Moq
- TestFixtureSetUpAttribute not found in JustMock?
- First Unit Tests! ASP.NET MVC with Repositories causing errors
- How to Mock Asynchronous Methods in JustMock?
- What is equivalent of moq.As in JustMock?
- JustMock - How to mock a method for all instances by returning the result of the equivalent method of another class (sharing a common interface
- How to properly unit test a class that takes a dependency using JustMock
- Using ReturnsAsync When Automocking in JustMock
Related Questions in ZSCALER
- Mock an Entity Framework class with JustMock inside another class
- Sitecore Unit Testing is not a success?
- The following setups were not matched - converting JustMock to Moq
- TestFixtureSetUpAttribute not found in JustMock?
- First Unit Tests! ASP.NET MVC with Repositories causing errors
- How to Mock Asynchronous Methods in JustMock?
- What is equivalent of moq.As in JustMock?
- JustMock - How to mock a method for all instances by returning the result of the equivalent method of another class (sharing a common interface
- How to properly unit test a class that takes a dependency using JustMock
- Using ReturnsAsync When Automocking in JustMock
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Thanks again John for your insights and help! I suppose the answer was right there all along to begin with, and I simply refused to see it lol. It also led me to understand why our attempts to establish a tunnel using IKEv2 failed as well - GCP VPN sends their generic proposal, with the intention of conforming to cipher settings received from the remote peer. In situations where the remote peer utilizes a generic proposal as well, GCP VPN chooses a 'best fit' based on the hardware vendor ID sent by the remote peer. In this situation the Zscaler Enforcement Node (ZEN) remote peer responds with an unknown vendor ID which, possibly due to it being their own proprietary unregistered platform. If it's not inclusive to GCP VPN's list of known hardware vendor IDs, it explains why the GCP peer responds stating unidentified remote peer proposal.
Nonetheless, thanks again for all your help!