Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
1
Replies

Trace Route Doesn't Return DNS Name

Go to solution
patrick.hurley
Level 3
Level 3

‎06-11-2013 08:42 PM - edited ‎03-11-2019 06:56 PM

I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop.   I can see the hops shown as asterisks.  Do I have to add something to inspect for this to work?                  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎06-12-2013 03:35 AM

Hi,

You could try the following. (Depending if your "policy-map" configuration is as its default settings)

policy-map global_policy

class inspection_default

  inspect icmp error

  inspect icmp

Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesnt yet exist

access-list OUTSIDE-IN remark Allow ICMP return messages

access-list OUTSIDE-IN permit icmp any any unreachable

access-list OUTSIDE-IN permit icmp any any time-exceeded

access-list OUTSIDE-IN permit icmp any any echo-reply

access-group OUTSIDE-IN in interface outside

You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.

Hope this helps

Please remember to mark the reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎06-12-2013 03:35 AM

Hi,

You could try the following. (Depending if your "policy-map" configuration is as its default settings)

policy-map global_policy

class inspection_default

  inspect icmp error

  inspect icmp

Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesnt yet exist

access-list OUTSIDE-IN remark Allow ICMP return messages

access-list OUTSIDE-IN permit icmp any any unreachable

access-list OUTSIDE-IN permit icmp any any time-exceeded

access-list OUTSIDE-IN permit icmp any any echo-reply

access-group OUTSIDE-IN in interface outside

You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.

Hope this helps

Please remember to mark the reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card