https://community.cisco.com/t5/network-security/trace-route-doesn-t-return-dns-name/m-p/2264752#M348232 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You could try the following. (Depending if your <STRONG>"policy-map"</STRONG> configuration is as its default settings)</P><P></P><P><STRONG>policy-map global_policy</STRONG></P><P><STRONG> class inspection_default</STRONG></P><P><STRONG>&nbsp; inspect icmp error</STRONG></P><P><STRONG>&nbsp; inspect icmp</STRONG></P><P></P><P> Then you could add the following to your ACL attached to your <STRONG>"outside"</STRONG> interface or configure a new ACL to your <STRONG>"outside"</STRONG> interface if it doesnt yet exist</P><P></P><P><STRONG>access-list OUTSIDE-IN remark Allow ICMP return messages</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any unreachable</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any time-exceeded</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any echo-reply</STRONG></P><P></P><P><STRONG>access-group OUTSIDE-IN in interface outside</STRONG></P><P></P><P>You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please remember to mark the reply as the correct answer if it answered your question.</P><P></P><P>Ask more if needed</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 12 Jun 2013 10:35:52 GMT Jouni Forss 2013-06-12T10:35:52Z https://community.cisco.com/t5/network-security/trace-route-doesn-t-return-dns-name/m-p/2264751#M348231 <P>I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop.&nbsp;&nbsp; I can see the hops shown as asterisks.&nbsp; Do I have to add something to inspect for this to work?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 01:56:23 GMT https://community.cisco.com/t5/network-security/trace-route-doesn-t-return-dns-name/m-p/2264751#M348231 patrick.hurley 2019-03-12T01:56:23Z https://community.cisco.com/t5/network-security/trace-route-doesn-t-return-dns-name/m-p/2264752#M348232 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You could try the following. (Depending if your <STRONG>"policy-map"</STRONG> configuration is as its default settings)</P><P></P><P><STRONG>policy-map global_policy</STRONG></P><P><STRONG> class inspection_default</STRONG></P><P><STRONG>&nbsp; inspect icmp error</STRONG></P><P><STRONG>&nbsp; inspect icmp</STRONG></P><P></P><P> Then you could add the following to your ACL attached to your <STRONG>"outside"</STRONG> interface or configure a new ACL to your <STRONG>"outside"</STRONG> interface if it doesnt yet exist</P><P></P><P><STRONG>access-list OUTSIDE-IN remark Allow ICMP return messages</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any unreachable</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any time-exceeded</STRONG></P><P><STRONG>access-list OUTSIDE-IN permit icmp any any echo-reply</STRONG></P><P></P><P><STRONG>access-group OUTSIDE-IN in interface outside</STRONG></P><P></P><P>You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please remember to mark the reply as the correct answer if it answered your question.</P><P></P><P>Ask more if needed</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 12 Jun 2013 10:35:52 GMT https://community.cisco.com/t5/network-security/trace-route-doesn-t-return-dns-name/m-p/2264752#M348232 Jouni Forss 2013-06-12T10:35:52Z