Null encryption / Zscaler

I’m trying to setup an aggressive mode VPN to Zscaler, which requires null encryption in phase 2.

I have this working on Cisco IOS / ASA & Fortingate etc, but I can’t see the option on the HD2.

Wondering if there’s a hidden feature, or perhaps this could be added as a feature request?

Hi.
We had the same need and Peplink developped a firmware including NULL Encryption in phase 2. We tested it and it was successfull. I think this should be included in next firmware version.

1 Like

IPsec NULL encryption will be included in firmware 8.0.1.

3 Likes

Thanks for your response, to be honest I’ve only just come back to this and can now see the NULL / MD5 option in IPSEC VPN.

Are you able to share any of your configuration parameters? I’m having a bit of trouble bringing up the Zscaler tunnel.

Hi,

I assume you defined a Site in Zscaler Configuration Interface and associated an IPSEC connection to it with a secret key.

I also assume you are trying to connect on one of the ZEN’s of Zscaler : Config | Zscaler

Then IPSEC tunnel we use is quit straight forward, for example sending all trafic through Belgium or France Zens :

Note : I didn’t manage to make it work with UNC, that’s a question to Peplink
Note 2 : the Lifetimes we use are not standard (specific firmware developped by Kenny) but you can put standard Lifetimes there for your tests.

Hope this helps.

Kind regards,
Sven

1 Like