Edit a Resource Connector Group
After you deploy a Cisco Secure Access connector group, you can modify the name of the connector group, add alternate DNS servers with domains, or edit the DNS servers and domains that you configured for the resource connector.
Secure Access uses the default DNS server that you configured during connector deployment to resolve destinations for private resources. If the private resources in your organization are on various domains and the destinations are resolved by different DNS servers, you can specify these domains and DNS servers for the connector group in Secure Access.
Table of Contents
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
- (Optional) To add domains and DNS servers for a connector group, you must deploy the resource connectors in the connector group with Cisco Secure Access Connector software image version 2.0.33-xxxxx or newer.
Guidelines for Configuring Domains and DNS Servers on Connectors Groups
- You can add up to five DNS servers and domains with a total of 50 unique domains.
- For each addition, you can select the same DNS Server but add unique domains only.
- When you select a DNS server, Secure Access adds the primary DNS server and if configured, the secondary DNS server.
- You can add a maximum of ten unique domains with a DNS server. When you add multiple domains, separate the domains with a comma.
- You must add at least one domain with a DNS server.
- Secure Access does not support wildcards with domains.
- Secure Access supports valid domains only.
Procedure
Configure the properties of the Connector Group, optionally add DNS Servers and domains to resolve traffic for private resources, and edit configured DNS servers and domains.
- Edit the Name of the Connector Group
- Add Domains and DNS Servers for the Connector Group
- Remove All Configured DNS Servers and Domains
- Edit Configured Domains and DNS Servers for the Connector Group
Edit the Name of the Connector Group
-
Navigate to Connect > Network Connections, and then click Connector Groups.
-
If you see Next Steps at the top of the page, scroll down to the Connector Groups section.
-
In the table, click on the name of a connector group, and then click Edit.
-
For Connector Group name, enter a descriptive name for the connector group.
We recommend that you indicate the data center, branch office, or security zone location in the name. -
Click Save.
Add Domains and DNS Servers for the Connector Group
During initialization, resource connectors use the default DNS server to resolve the fully-qualified domain name (FQDN) of a private resource. By associating domains with DNS servers, you override this behavior and allow alternate DNS servers to resolve the domains for private resources.
Before you add domains and DNS servers for a connector group, review the requirements. For more information, see Guidelines for Configuring Domains and DNS Servers on Connectors Groups.
-
Navigate to Connect > Network Connections, and then click Connector Groups.
-
If you see Next Steps at the top of the page, scroll down to the Connector Groups section.
-
In the table, click on the name of a connector group, and then click Edit.
-
Check Use alternate DNS servers to resolve private resources based on domain.
- For Domains, enter a single domain or a comma-separated list of domains.
- For DNS Servers, select a configured DNS server.
The selected DNS servers includes the primary DNS server and if available, the secondary DNS server. For more information, see Manage DNS Servers. - (Optional) To add more domains and DNS servers, click +Domains and DNS Servers, and then repeat steps 5-6.
- (Optional) To remove a set of Domains and DNS Servers, click Remove.
- Click Save.
Remove All Configured DNS Servers and Domains
- Check off the Use alternate DNS servers to resolve private resources based on domain option.
- Click Save.
Edit Configured Domains and DNS Servers for the Connector Group
Important: If you delete a DNS server in Secure Access that is configured on a resource connector group, then new instances of the connectors in the resource connector group can not communicate with Secure Access. We recommend that you first remove a DNS server and domains on the resource connector group before you delete the DNS server from Secure Access. For more information, see Manage DNS Servers.
During initialization, resource connectors use the default DNS server to resolve the fully-qualified domain name (FQDN) of a private resource. By associating domains with DNS servers, you override this behavior and allow alternate DNS servers to resolve the domains for private resources.
Before you edit domains and DNS servers for a connector group, review the requirements. For more information, see Guidelines for Configuring Domains and DNS Servers on Connectors Groups.
-
Navigate to Connect > Network Connections, and then click Connector Groups.
-
If you see Next Steps at the top of the page, scroll down to the Connector Groups section.
-
In the table, click on the name of a connector group, and then click Edit.
-
Navigate to a set of Domains and DNS Servers.
-
For Domains, modify or enter a single domain or a comma-separated list of domains.
-
For DNS Servers, select a configured DNS server.
The selected DNS servers includes the primary DNS server and if available, the secondary DNS server. For more information, see Manage DNS Servers.
- (Optional) To add more domains and DNS servers, click +Domains and DNS Servers, and then repeat steps 5-6.
- (Optional) To remove a set of Domains and DNS Servers, click Remove.
- Click Save.
View a Connector Group's Connectors and Assigned Resources < Edit a Resource Connector Group > Disable, Revoke, or Delete Resource Connectors and Groups
Updated about 2 months ago