Support Center > Search Results > SecureKnowledge Details
All Virtual Systems on VSX Gateway / VSX cluster with enabled Mobile Access blade are trying to reach the same DNS server Technical Level
Symptoms
  • All Virtual Systems on VSX Gateway / VSX cluster with enabled Mobile Access blade are trying to reach the same DNS server.
Cause

By design, /etc/resolv.conf file and /etc/hosts file on VSX Gateway / VSX cluster member are shared by all Virtual Systems. As a result, all Virtual Systems are trying to reach the same DNS server.


Solution

If Mobile Access blade is enabled on the involved Virtual System(s), then follow these steps to configure specific list of DNS servers and/or specific list of DNS records that will be used by the Mobile Access blade on the desired Virtual System(s):

  • To configure a specific list of DNS Servers for a Virtual System to be used by the Mobile Access blade:

    • Either edit the $CVPNDIR/var/resolv.conf file in the context of that Virtual System on VSX Gateway / each VSX cluster member.

    • Or in SmartDashboard, open the object of the desired Virtual System - expand 'Mobile Access' - click on 'Name Resolution' - in 'DNS Servers' section, check the box 'Primary' - add/select the Host object that represents the DNS server - click on OK - install the Security Policy on this Virtual System.

      Example:

    Notes:

    • Configuration of DNS servers in the Virtual System object (to be used by the Mobile Access blade) updates the $CVPNDIR/var/resolv.conf file in the context of that Virtual System on VSX Gateway / each VSX cluster member.
    • To configure the object that represents the DNS server:
      • Either in the object of the desired Virtual System, in the 'DNS Servers' section click on the 'Manage...' button - go to 'New...' menu - select 'Host...' - click on 'Configure Servers...' button - check the box 'DNS Server' - click on OK.
      • Or in SmartDashboard, go to 'Manage' menu - select 'Network Objects...' - click on 'New...' - select 'Node' - select 'Host...' - click on 'Configure Servers...' button - check the box 'DNS Server' - click on OK.
      Example:


  • To configure a specific list of DNS Records for a Virtual System to be used by the Mobile Access blade, edit the $CVPNDIR/var/hosts file in the context of that Virtual System.

 

Notes:

  • The $CVPNDIR/var/resolv.conf file and $CVPNDIR/var/hosts file are used only by Mobile Access features.

  • If DNS Servers were configured manually in the $CVPNDIR/var/resolv.conf file in the context of the Virtual System, but the issue persists, then:

    1. Switch to the context of the involved Virtual System:

      [Expert@HostName:0]# vsenv <VSID>
    2. Check the following files:

      [Expert@HostName:<VSID>]# stat $CVPNDIR/var/resolv.conf
      [Expert@HostName:<VSID>]# md5sum $CVPNDIR/var/resolv.conf
      [Expert@HostName:<VSID>]# stat $CVPNDIR/var/hosts
      [Expert@HostName:<VSID>]# md5sum $CVPNDIR/var/hosts
    3. Either install the Security Policy on this Virtual System, or just reload the Mobile Access policy:

      [Expert@HostName:<VSID>]# cvpnd_admin policy
    4. Check the following files:

      [Expert@HostName:<VSID>]# stat $CVPNDIR/var/resolv.conf
      [Expert@HostName:<VSID>]# md5sum $CVPNDIR/var/resolv.conf
      [Expert@HostName:<VSID>]# stat $CVPNDIR/var/hosts
      [Expert@HostName:<VSID>]# md5sum $CVPNDIR/var/hosts
    5. These files in the $CVPNDIR/var/ directory should not be over-written.

      Check that DNS Servers were not also configured in SmartDashboard in the object of Virtual System - expand 'Mobile Access' - click on 'Name Resolution' - refer to section 'DNS Servers'.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment