cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385
Views
0
Helpful
1
Replies

Trace Route Doesn't Return DNS Name

patrick.hurley
Level 3
Level 3

I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop.   I can see the hops shown as asterisks.  Do I have to add something to inspect for this to work?                  

1 Accepted Solution

Accepted Solutions

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

You could try the following. (Depending if your "policy-map" configuration is as its default settings)

policy-map global_policy

class inspection_default

  inspect icmp error

  inspect icmp

Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesnt yet exist

access-list OUTSIDE-IN remark Allow ICMP return messages

access-list OUTSIDE-IN permit icmp any any unreachable

access-list OUTSIDE-IN permit icmp any any time-exceeded

access-list OUTSIDE-IN permit icmp any any echo-reply

access-group OUTSIDE-IN in interface outside

You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.

Hope this helps

Please remember to mark the reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

View solution in original post

1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

You could try the following. (Depending if your "policy-map" configuration is as its default settings)

policy-map global_policy

class inspection_default

  inspect icmp error

  inspect icmp

Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesnt yet exist

access-list OUTSIDE-IN remark Allow ICMP return messages

access-list OUTSIDE-IN permit icmp any any unreachable

access-list OUTSIDE-IN permit icmp any any time-exceeded

access-list OUTSIDE-IN permit icmp any any echo-reply

access-group OUTSIDE-IN in interface outside

You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.

Hope this helps

Please remember to mark the reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

Review Cisco Networking for a $25 gift card