Computers periodically pinging the server through VPN?!

I have a Cisco PIX router/firewall, an SBS server sitting behind it, and a VPN tunnel from router to another remote site router.
Why do the computers in the remote site periodically ping the SBS server?? Is it normal?
messages.PNG
LVL 7
cybrexusAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MightySWCommented:
Yes, this is normal.  This is an ICMP fragment that AD uses to ping remote sites.  How fast is the link to your site?

You can eliminate this by changing the slow link threshold GPO.  By default it is set to 500.  Basically what this does is send a very small fragment of ICMP to determine if it can send changes of the GP to the remote site, etc...

HTH
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ricks_vCommented:
I dont think it's normal for a continuous ping packets being sent from the server.
 I would think some monitoring program or similar is installed on the server (maybe router traffic monitoring). IF you have access to the server, you should have a look what applications are running on the server causing the unnecessary ping traffic to the router..
0
MightySWCommented:
its on the same subnet.  Is the response coming from the remote site?
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

MightySWCommented:
Again, this is just what an IDS/IPS log will show.  I have seen this before.  You can stop it by removing echo-reply and timestamps.
0
MightySWCommented:
Run wireshark on your switch that the PIX is on and see if you can see how large the TCP packets are.  I will almost bet my paycheck that they are ICMP fragments as this is the way that Group Policy performs it's slow link detection or whether or not to send the GP at all.  If this is down then the GP will not be applied and 90 minutes later the remote site will have a partial replica of the GC.
0
cybrexusAuthor Commented:
thanks guys, that's what I thought - slow link detection. I have disabled it through GP and no more icmps.
0
MightySWCommented:
Glad that took care of it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.