I've got a DNS issue on Web resources with No rewriting (Use WSAM) on a cluster of SA 6500 with IVS (iveos: 6.4r2).
The resource we want to publish gives us a lot of trouble with the rewriting engine, so we want to test it with the WSAM functionality.
The hostname of the web server is internal only (not present in DNS), for example intranet.mycompany.
When I test it with only the DNS name for the publication and for the WSAM servers, I get an error because the DNS resolution is made on the laptop and not on the Secure Access.
I then tried with only the direct IP address (private IP, non-routable on the Internet), and it works fine and we don't have any trouble with the resource (unlike with the rewriting engine).
We can modify the hosts file, but it will be hard to negotiate with RSSI to do that.
Do you have any idea of what we can do to resolve this issue?
I opened a JTAC case, and this problem is resolved in 6.5r2.
We had already planned an upgrade. After upgrading to 6.5r5 everything is working fine.
Thanks for your help,
Do you have the FQDN, IP, and shortname all listed in the ACL and server list on the role (or destination profile)? What name do you as a user use to connect? Is the domain in the domain list on system>network>overview? What does your WSAM events log show when you connect: is it showing IVE DNS lookup? What is the client OS?
By default once WSAM is launched all DNS queries reach the SA.
You can set up a trace on the IVE to see if you get the DNS query and if you got a response to it.
Thereafter, check for ACLs that allow this server access.
I tested by adding the IP + FQDN in the ACL and server list on the role (the shortname is not useful with the DNS architecture). We use the FQDN to access the resource.
The domain configured in network/overview is the same as in the FQDN of the resource.
I then ran tcpdump on the internal interface, and I see the DNS queries from the IVE to the DNS server, with the answer from the DNS.
But the client (Win XP SP3) can't access the resource. On the test laptop, I can see in WSAM the destination I configured. But I never see Internet Explorer captured in the WSAM client.
I tested by adding the host to the hosts file on the client and it all works.
So the DNS queries don't come back to the client ... but the DNS query is OK.
I made a test to look at the difference in the WSAM logs: one time with a bookmark with the FQDN (not working), another one with just the IP address.
I looked in the WSAM logs (attached file). When I test the bookmark with the whole name, I have input IP address: 127.0.0.1 ...
When I use the bookmark with the IP address, I've got input IP address: 10.36.250.91 (which is the correct IP address and working).
I guess at this stage it's better to create a TAC case and continue forward.
I opened a case with JTAC this morning; I will reply to this message when it's resolved.