Try to allow fragmented ICMP echo-request and echo reply packets. I'm not sure
On 7/2/05, Mat Murdock <mmurdock underscore lists at kimballequipment dot com> wrote:
> I was wondering if there was a way to increase the allowed ping size
> over a m0n0 to m0n0 IPsec VPN. The reason is as follows:
>
> When running a M$ based network with a central location and numerous
> satellite locations, you may encounter a rather nasty problem.
> Windows 2000's method for locating a domain controller is not
> exactly flawless. When a workstation checks connectivity with the DC
> it first uses a normal ICMP ping. If the normal ping succeeds it
> then tests the connection speed with an oversized ping.
> Specifically the size is 2048k* which puts the total packet size
> over 2k due to headers. This isn't a problem when you are on a
> local network with nothing between you and the DC but a switch.
> However, if you are at a satellite location and you must traverse a
> VPN to speak to the DC there may be trouble. This functionality is
> designed to prevent ye-old ping flood among other things. Because
> of this behavior workstations at satellite sites succeed with the
> first normal ping but fail on the oversized one.
>
> Any help would be appreciated.
>
> Thanks,
>
> Mat Murdock
>
>
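An added illustration, not part of the thread or of m0n0wall: how a normal ping and an oversized one differ on the wire, and why only the oversized one depends on fragments being allowed. The 2048-byte payload reading, the 32-byte small ping and the MTU values 1500 and 1400 are assumptions chosen for the example.

```python
IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header: type, code, checksum, id, sequence

def fragment_echo(payload_len, mtu):
    """Describe the IPv4 fragments of one ICMP echo with payload_len data bytes."""
    room = mtu - IP_HEADER              # IP payload bytes that fit in one packet
    if room < 8:
        raise ValueError("MTU too small to carry fragment data")
    per_frag = room // 8 * 8            # non-final fragments carry multiples of 8
    remaining = ICMP_HEADER + payload_len
    offset, frags = 0, []
    while remaining > 0:
        size = remaining if remaining <= room else per_frag
        frags.append({
            "offset_units": offset // 8,         # fragment-offset field value
            "ip_total_len": IP_HEADER + size,
            "more_fragments": remaining > size,  # MF flag
            "has_icmp_header": offset == 0,      # only the first fragment has it
        })
        offset += size
        remaining -= size
    return frags

def headerless_fragments(payload_len, mtu):
    """Count fragments that carry no ICMP header, so a rule matching only on
    ICMP type cannot classify them from the packet alone."""
    return sum(1 for f in fragment_echo(payload_len, mtu)
               if not f["has_icmp_header"])

if __name__ == "__main__":
    # Constructed inputs: small ping, then the oversized ping at two path MTUs
    # (1400 stands in for a tunnel with reduced MTU; the real value varies).
    for payload, mtu in [(32, 1500), (2048, 1500), (2048, 1400)]:
        print(f"payload={payload} mtu={mtu}")
        for frag in fragment_echo(payload, mtu):
            print("   ", frag)
```

The small ping fits in one packet, while the oversized one always produces a second fragment with no ICMP header, which is the packet a filter has to be told to pass.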