So we were able to connect to Cisco VPN while Zscaler was turned on with no issues for months, but just 2 weeks ago when we try to connect, it says "time out. check your internet." Has anyone had the same issue?
No, whoever runs ZIA for you will need to look at the logs.
Did the IP or FQDN for the AnyConnect gateway change? Are they in your VPN bypass list in your App Profiles?
Is the SSL certificate on the Cisco VPN (ASA/FTD/whatever) issued from a well-known certificate authority?
(psst - pony up the $$$ and get ZPA to replace your existing VPN solution)
VPN should be bypassed at the App profile if using Tunnel 2.0. That is how we implemented it.
Test from a user machine and check on Web Insights if you are seeing flows to AnyConnect IPs. How are you bypassing? Vpnbypass from app profile or through PAC file? See if something has changed… collect ZCC logs and check zsatunnel.
It’s possible that it is getting swept up and not bypassed anymore due to network or host changes, what have you. Should be listed under vpngateway bypasses.
Web Insights should tell you whether it is hitting ZIA and, if yes, what the error is, which will probably be cert related.
I'm the one running it and nothing has been changed ever since.