01-22-2013 02:43 PM
I have an SMA that manages multiple WSA's across the globe. Due to routing in one location we have found a large amount of traffic being generated by our WSA trying to do a reverse lookup of my SMA's ip address externally. We do not have a reverse lookup for the SMA as it is an internal appliance. Is there a way to stop the reverse lookup from occuring via a configuration on the WSA?Any help is appreciated.
Thanks
01-24-2013 08:58 AM
Hi Dominick,
I will look into this for you today and provide you with an answer.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
01-24-2013 09:07 AM
Hi Dominick,
I have a solution for your problem. You will need to log into the CLI of the WSA and issue the following commands:
s370r01.csw> dnsconfig
Currently using the local DNS cache servers:
1. Priority: 0 10.9.8.8
Choose the operation you want to perform:
- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.
- SEARCH - Configure DNS domain search list.
[]> localhosts <----- Hidden Command
Local IP to Host mappings:
Choose the operation you want to perform:
- NEW - Add new local IP to host mapping.
- DELETE - Delete an existing mapping.
[]> new
Enter the IP address of the host you are adding.
[]> 10.1.1.1 < -------- IP of the M series
Enter the canonical host name and any additional aliases (separate values with spaces)
[]> Host name of the M series. Hit enter until you get back to the command prompt and type commit then enter.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
01-24-2013 11:16 AM
Erik,
Thanks for the reply, I made this configuration change and my telecom group is reviewing the traffic patterns to see if this fixed the issue. I was able to do a forward DNS lookup in my WSA and it resolves from this localhost, but I do not get a response when I do a reverse lookup for the ip of this host.
Dominck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide