Routing with two WAN connections; I have a problem.

jasgot asked
Medium Priority
Last Modified: 2013-11-30
The story goes like this,   I had an Internet T1 dropped into two office locations and a VPN between them for office traffic. This worked well when all the equipment was PC based.  Then we went to Terminal Server and Thin Clients.  The TS was in one office.  So now, all TS traffic and internet traffic was sharing the same T1 in the main office. It was slow for web browsing, but not the office app, which is a terminal session to a unix server.

I decided to bring in a high speed DSL line into the main office and set up my SonicWall TZ170 at the main office to use the WAN port for the DSL and the OPT port for the T1; to have the Internet traffic go out to the WAN port and all VPN traffic go out the OPT port.  This seems to be working... but it is slower than molasses, for both browsing and the terminal app.

I'm concerned that my routing is not set up right.  I only understand enough to get myself in trouble so I am looking for some guidance on how to diagnose and resolve this.

Here is the routing table from the SW in the main office:
Destination Network Subnet Mask Gateway Address Destination Link WAN OPT LAN LAN WAN WAN LAN/OPT LAN

I can provide any other info needed.

"seems to be working" - no it probably is not.
Several limitations here - Windows cannot "multi-home" a connection to the internet; they could not get it to work, so they removed the ability of ANY Windows version to use 2 routes to the internet; it cannot do it.  Each Windows machine, server or client, can only use one route.  Now since terminal services relies on Windows, the terminals can only use whatever route the terminal server is using - but you can split terminal services between 2 servers (even a WS) and they will use whatever route the server is using.

Another limitation: because of the way a SonicWall "backfeeds" the internet feed for the firewall, it can't work with two routes to the internet.  You might have got part working on one T1 and part on the other, by splitting servers to each route, but now that you add ADSL, you have a third problem.  ADSL does not have a true IP and the routing is different than T1, so now you have a situation where the new DSL route is not "real" as far as the server is concerned, therefore it automatically defaults to the T1 it knows to be secure IP, DNS, etc.


The T1 (only one is in play here) and the DSL are both on the 'other' side of the Sonicwall Firewall. Windows only knows one route and one gateway.
It would help to put the correct gateways in the routing table.
For the WAN, use the IP address of the ADSL modem (192.168.0.1?)
For the LAN, use the IP address of the unix server.
Both of these would fill in the 3rd column of 0s in your routing table.
If the DSL is VDSL, put in the DNS server that the VDSL modem connects to.
This might eliminate thrashing, but I don't know if it will speed up the VPN or not.


Are you saying to put them into the SonicWall's table?

Also I don't know where you are going with the DSL stuff. My DSL is a 5 static IP router. I do not know what VDSL is....

ADSL is true telephone DSL, VDSL is cable over telephone emulation; they are very different animals.
Yes, put the gateways in the routing table, you have four sets of numbers, use them to the max --

Destination Network       Subnet Mask         Gateway Address        Destination Link

You have most filled in but the gateway. This might radically improve LAN speed, since the SonicWall doesn't have to go searching for the gateway for each packet request; it might not change much.  The SonicWall setup is hard to test without actually being in front of it, so you will have to fill in the right values for these.  Most DSL routers default to a gateway; you may have changed it, but give the real gateway for this, rather than its DNS gateway (VDSL is the opposite).  For the T1, give the real IP address the T1 is connected to for the gateway (as you would a cable modem).  Hope this makes sense.

If you have 5 static IPs for the DSL, what are you using them for?  Did you know you can use them for different gateways to different systems with different functions, e.g. unix terminal server vs. windows server?


When you say use the gateway of the DSL or T1, do you mean use the DSL modem's address as the gateway for the SonicWall? Or do you mean use the same gateway that the DSL modem or T1 router uses, which I presume is actually at the ISP network ops center (and on another subnet)?

Let me give you the ip scheme for the dsl and t1:

Router IP:
Subnet Mask:

Router IP:
Subnet Mask:
GW: ( I do know that this address is at the ISP )

I would like to learn more about the static ips for the dsl as different gateways, I have never heard of that, it sounds interesting.

Destination Network       Subnet Mask         Gateway Address        Destination Link ?              OPT/T1
 (132? address)               WAN/DSL

Seems to me that's how it should be set up.  Since you are not using the T1 for internet, you don't want the destination network as the T1 ISP, but you do need the ISP address (DNS servers for example) of the DSL provider, and you can get this by looking at the config in the DSL modem.

The gateway for the local network to get to the internet should be the DSL router address, and the network should be the "WAN" i.e. the internet.
With T1, the destination network should be your own internal network, the gateway is the T1 router.
Hope this makes sense and I am not confusing you.  If this does not help, I suggest calling the DSL provider for the IPs they have assigned you and using them for a static IP for at least one or more servers. That will help with correct routing and VPN.  Also, you might ask this question again to see if anyone else has different ideas for the SonicWall setup.  I'm not sure why the multiple entries you listed at the start are needed.

I think the experts who contributed to this question provided more than the normal level of support.  You can refund if you want, but the question is, is the questioner just trying to get out of the question or was he seriously interested in a solution.  You decide, mod.


That's quite an accusation you are throwing out there, Scrathyboy. The experts may have put a lot of thought into their comments, but none provided anything other than confirmation of the existing configuration. The solution was to bring in a P2P T1.
Closed, 500 points refunded.
The Experts Exchange
Community Support Moderator of all Ages
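
A way to check the split the question describes (Internet traffic out the WAN/DSL link, VPN traffic out the OPT/T1 link), added here as an example that is not part of the original thread. It is a generic longest-prefix-match model, not SonicOS's own route logic, and every address, including the hypothetical VPN peer, is constructed from documentation and private ranges. It shows that tunnel packets are addressed to the remote peer's public IP, so without a specific route for that peer they follow the default route.

```python
import ipaddress

# Constructed routing table in the thread's four-column layout
# (Destination Network, Subnet Mask, Gateway Address, Destination Link).
# Every address is a documentation or private range, not from the thread.
BASE = [
    ("0.0.0.0",      "0.0.0.0",         "203.0.113.1", "WAN"),  # default via DSL
    ("203.0.113.0",  "255.255.255.248", "0.0.0.0",     "WAN"),  # DSL subnet
    ("198.51.100.0", "255.255.255.252", "0.0.0.0",     "OPT"),  # T1 subnet
    ("192.168.10.0", "255.255.255.0",   "0.0.0.0",     "LAN"),  # office LAN
]
VPN_PEER = "198.51.100.130"  # hypothetical public address of the remote office
# Host route that pins tunnel packets for the peer to the T1 router.
PEER_ROUTE = (VPN_PEER, "255.255.255.255", "198.51.100.1", "OPT")

def parse(rows):
    """Turn (destination, mask, gateway, link) rows into network objects."""
    return [(ipaddress.ip_network(f"{d}/{m}"), ipaddress.ip_address(g), link)
            for d, m, g, link in rows]

def lookup(table, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in table if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def egress(table, addr):
    """Return the link a packet to addr leaves on, or None if unroutable."""
    route = lookup(table, addr)
    return route[2] if route else None

def audit(table, expectations):
    """Return (address, expected link, actual link) for every mismatch."""
    return [(a, want, egress(table, a)) for a, want in expectations
            if egress(table, a) != want]

EXPECTED = [
    (VPN_PEER, "OPT"),         # tunnel packets should leave on the T1
    ("192.0.2.50", "WAN"),     # constructed web server, should leave on the DSL
    ("192.168.10.25", "LAN"),  # constructed thin client on the office LAN
]

if __name__ == "__main__":
    for name, rows in (("without peer route", BASE),
                       ("with peer route", BASE + [PEER_ROUTE])):
        print(name, audit(parse(rows), EXPECTED))
```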
