To set up IPSec VPN tunnels to Zscaler ZIA Public Service Edges, you must properly configure parameters on both the BloxOne Cloud Services Portal and Zscaler Cloud Portal.

Prerequisites

Ensure that you have the following information for each IPSec VPN tunnel:

  • The IP address or the hostname of the ZIA Public Service Edge.
  • The shared secret, which must match on the BloxOne Service Edge and ZIA Public Service Edge.
  • The IP address of the BloxOne edge you plan to connect with the ZIA Public Service Edge. This IP address is available on the On-Prem Host page of the Cloud Services Portal.

To set up the IPSec VPN tunnel to the ZIA Public Service Edge, do the following:

  1. Locate the IP address of the ZIA Public Service Edge, and enter it in the IP Address field when you configure the edge connectivity policy. For details, see Locating the Hostnames and IP Addresses for ZIA Public Service Edges.
  2. Configure an edge connectivity policy on BloxOne Service Edge. Select Zscaler as the third-party VPN vendor. For details, see Configuring Edge Connectivity Policies.
  3. Configure the ZIA Public Service Edge to communicate with the BloxOne Service Edge. For details, see Configuring IPSec VPN for Zscaler Portal.

Configuring IPSec VPN on Zscaler Cloud Portal

To configure an IPSec VPN tunnel to the ZIA Public Service Edge, you must have admin credentials for the Zscaler Cloud Portal. On the Zscaler Cloud Portal, do the following to connect to BloxOne Service Edge:

  1. Provision the IP address of the BloxOne edge as described in Provisioning IP Address for BloxOne Service Edge.
  2. Create VPN credentials for the BloxOne edge as described in Creating VPN Credentials for BloxOne Service Edge.
  3. Configure location management for the BloxOne edge as described in Configuring Location Management for BloxOne Service Edge.

Provisioning IP Address for BloxOne Service Edge

  1. Log in to the Zscaler Cloud Portal with your admin credentials.
  2. On the navigation panel, click Administration > Static IPs & GRE Tunnels under Resources.
  3. On the Static IP tab, click Add Static IP.
  4. In the Add Static IP Configuration dialog, enter the IP address of the BloxOne edge in the Static IP Address field and a description of the IP address in the Description field.
  5. To obtain the BloxOne edge IP address, do the following:
    1. Log in to the BloxOne Cloud Services Portal, and click On-Prem Host on the navigation menu.
    2. Select the on-prem host (or the BloxOne edge) that you want to connect to the ZIA Public Service Edge.
    3. Click Edit to open the editor, and then expand the IP Interface Settings section.
    4. Obtain the IP address of the WAN interface. This is the IP address you need to provision.

  6. Click Next to proceed to configuring the geolocation of the BloxOne edge. Select Automatic to auto-detect the location of the IP address, or select Manual and use the Latitude and Longitude fields to specify the geolocation.


  7. Click Next to proceed to reviewing the configuration, and then click Save. After saving, you must activate the configuration.
  8. On the navigation panel, click Activation > Activate. The Activation option displays the number of activation changes you have yet to activate. After you activate your change, the Activation Completed message is displayed.

Creating VPN Credentials for BloxOne Service Edge

  1. On the Zscaler Cloud Portal, click Administration > VPN Credentials under Resources on the navigation panel.
  2. On the VPN Credentials page, click Add VPN Credentials.


  3. In the Add VPN Credentials dialog, click IP and specify the following details:
    1. IP Address: Choose the IP address you have provisioned from the drop-down list.
    2. New Pre-Shared Key: Enter the PSK you used when configuring the Edge Connectivity policy in the BloxOne Cloud Services Portal. The PSK here must match the one you entered for the BloxOne Edge Connectivity policy. For more information, see Creating Edge Connectivity Policies.
    3. Confirm New Pre-Shared Key: Enter the PSK again, to confirm.
  4. Click Save to save the configuration. After saving, you must activate the configuration.
  5. On the navigation panel, click Activation > Activate.

Configuring Location Management for BloxOne Service Edge

  1. On the Zscaler Cloud Portal, click Administration > Location Management under Resources on the navigation panel.
  2. On the Location Management page, click Add Location to add a new location for the IP address you have just provisioned. You can also add the IP address to one of the locations you have already configured by clicking the icon of that location. Location management lets you group IP addresses by location. For more information, see Configuring Locations for ZIA Public Cloud Services.

    Note: Each IP address can be associated with one location only.

  3. Click Save to save the configuration. After saving, you must activate the configuration.
  4. On the navigation panel, click Activation > Activate.

Viewing IPSec Tunnel Data

The Zscaler Cloud Portal provides insights and logs. Use this feature to view the health, status, authentication, encryption algorithms, and other data about your IPSec tunnels. Also use it to determine whether the BloxOne Service Edge connection is up and running.

To view the insights logs, do the following:

  1. Log in to the Zscaler Cloud Portal by using your admin credentials.
  2. On the navigation panel, click Analytics > Tunnels Insights under Insights.
  3. Click Logs, and do the following:
    1. Timeframe: Choose a timeframe from the drop-down menu, to limit data to a specific time duration.
    2. Number of Records Displayed: Select the number of records to be displayed in the panel on the right.
    3. Select Filters: Click Add Filter, and choose a filter from the drop-down menu.
    4. Click Apply Filters.


  4. The Zscaler Cloud Portal displays information in the panel on the right according to the timeframe, number of records, and filters. Click the  icon to select or deselect fields to be displayed. Click the  icon to export data in the CSV format.

    The Tunnel Status column indicates the status of the connection and whether the IPSec tunnel is up and running. For more details, see Tunnel Insights Logs: Columns.
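
Added example (not part of the original page or of either vendor's tooling): a check you can run over the CSV exported in step 4 to list BloxOne edge IP addresses whose tunnel is currently not up or has been flapping. Only the Tunnel Status column is named on this page; the other column names, the status strings, the timestamp format, and the sample rows are assumptions to adjust to your real export.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a Tunnel Insights CSV export. Only "Tunnel Status" is a
# column named on the page; the other headers, the status strings and the
# timestamp format are assumptions to adapt to your real export.
SAMPLE_EXPORT = """\
Event Time,Source IP,Tunnel Status
2024-05-01 10:00:00,198.51.100.10,Up
2024-05-01 10:05:00,198.51.100.10,Down
2024-05-01 10:06:00,198.51.100.10,Up
2024-05-01 10:00:00,203.0.113.7,Up
2024-05-01 10:20:00,203.0.113.7,Down
"""

def tunnel_health(csv_text, ip_col="Source IP", time_col="Event Time",
                  status_col="Tunnel Status", up_values=("up",),
                  time_format="%Y-%m-%d %H:%M:%S"):
    """Return {ip: {"latest": status, "changes": n, "healthy": bool}}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {ip_col, time_col, status_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks columns: {sorted(missing)}")
    rows = []
    for row in reader:
        when = datetime.strptime(row[time_col].strip(), time_format)
        rows.append((when, row[ip_col].strip(), row[status_col].strip()))
    rows.sort(key=lambda r: r[0])          # exports are not guaranteed ordered
    report = {}
    for _, ip, status in rows:
        entry = report.setdefault(ip, {"latest": status, "changes": 0})
        if status.lower() != entry["latest"].lower():
            entry["changes"] += 1          # count up/down transitions (flapping)
        entry["latest"] = status
    for entry in report.values():
        entry["healthy"] = entry["latest"].lower() in up_values
    return report

def tunnels_needing_attention(csv_text, max_changes=1, **cols):
    """IPs whose latest status is not up, or that flapped more than max_changes."""
    return sorted(ip for ip, e in tunnel_health(csv_text, **cols).items()
                  if not e["healthy"] or e["changes"] > max_changes)

if __name__ == "__main__":
    for ip, entry in tunnel_health(SAMPLE_EXPORT).items():
        print(ip, entry)
    print("attention:", tunnels_needing_attention(SAMPLE_EXPORT))
```

A tunnel that repeatedly drops right after provisioning is worth checking against the pre-shared key entered on both portals, since the two values must match.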