Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Computers periodically pinging the server through VPN?!

Posted on 2008-11-12
Medium Priority
Last Modified: 2012-08-14
I have a Cisco PIX router/firewall, an SBS server sitting behind it, and a VPN tunnel from router to another remote site router.
Why do the computers in the remote site periodically ping the SBS server?? Is it normal?
Question by:cybrexus
  • 5
LVL 20

Accepted Solution

MightySW earned 2000 total points
ID: 22945742
Yes, this is normal.  This is an ICMP fragment that AD uses to ping remote sites.  How fast is the link to your site?

You can eliminate this by changing the slow link threshold GPO.  By default it is set to 500.  Basically what this does is send a very small fragment of ICMP to determine if it can send changes of the GP to the remote site, etc...


Expert Comment

ID: 22947257
I dont think it's normal for a continuous ping packets being sent from the server.
 I would think some monitoring program or similar is installed on the server (maybe router traffic monitoring). IF you have access to the server, you should have a look what applications are running on the server causing the unnecessary ping traffic to the router..
LVL 20

Expert Comment

ID: 22947318
its on the same subnet.  Is the response coming from the remote site?
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

LVL 20

Expert Comment

ID: 22947323
Again, this is just what an IDS/IPS log will show.  I have seen this before.  You can stop it by removing echo-reply and timestamps.
LVL 20

Expert Comment

ID: 22947343
Run wireshark on your switch that the PIX is on and see if you can see how large the TCP packets are.  I will almost bet my paycheck that they are ICMP fragments as this is the way that Group Policy performs it's slow link detection or whether or not to send the GP at all.  If this is down then the GP will not be applied and 90 minutes later the remote site will have a partial replica of the GC.

Author Comment

ID: 22947397
thanks guys, that's what I thought - slow link detection. I have disabled it through GP and no more icmps.
LVL 20

Expert Comment

ID: 22947409
Glad that took care of it.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question