
Two remote connections coming through two different gateway - is that possible?

ormerodrutter
Last Modified: 2012-05-06
Dear experts,

I have an idea regarding VPN remote connections and would like any expert to see if it will work. And here is my current situation :-

We have 3 sites - HQ, S1 & S2. S1 and S2 have a site-to-site VPN connection to HQ; there is NO connection between them. I have TWO Terminal Servers in HQ and remote connections are coming into different servers - i.e. S1 comes to T1 and S2 comes to T2. All offices have their own static IP address from our ISP.

We would like to install additional broadband in our HQ to increase internet bandwidth. I understand we can have a BONDED ADSL solution for additional bandwidth and load balancing but they are not cheap. So I am wondering if we can get away with that, cheaply.

My proposal is to install an additional ADSL line (with a new static IP) in our HQ. Put a new router (R2) in and create a site-to-site VPN to S2. Change the router in S2 so that its VPN is coming via the new line (change the static IP to the new IP given). Port forward on R2 to T2. On T2, I shall change the Default Gateway to point to R2 (192.168.0.253) while making no change on T1 (still pointing to R1 which is 192.168.0.254).

So here is what I want to achieve :-

S1 comes in via R1 to T1
S2 comes in via R2 to T2

Will the above work? I sometimes need to use RDP to their servers (or workstations) - with two gateways in the HQ, I think I have to change the Default Gateway on my computer to 192.168.0.253 when I need to dial to S2.

Thank you for any advice.







CERTIFIED EXPERT

Commented:
Doing it the way you suggest sounds like it would work but with some restrictions. Server T1 would not be able to communicate with site S2, and T2 would not be able to reach S1. And your own computer would be able to reach one remote site but not the other, depending on what you set your default gateway to.

Another approach would be to keep R1 as the default gateway for all machines at HQ, but to configure it with static routes to tell it to forward any traffic intended for S2 to the new router R2 (assuming the two routers are on the same internal network).

We've used a similar setup: one router set as the default Internet gateway, which handles all external traffic, but redirecting all inter-site VPN packets to another router on a separate connection.

Author

Commented:
Aflockhart,

Thanks for your input but I want to utilise TWO broadband lines. The reason to have an additional line is that users are complaining about slow remote connections so we have decided to add an extra ADSL line in. Don't really care if T1 can't communicate with S2 or vice versa as this wasn't the intention anyway.

I believe I can change my default gateway when I want to reach a different site and change it back when I want to reach the other. I can give myself a fixed IP from the system.
CERTIFIED EXPERT
Commented:
Yes, you can do what I suggested through two separate broadband lines L1 and L2. R1 would be connected to L1 and to the internal network; R2 would be connected to L2 and to the internal network. R1 would be the default gateway for all computers, and R1 would know (by having static routes added to its routing table) that in order to send packets to S2, it has to forward them through the internal network to R2.
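
The two designs discussed above, modelled as an added example that is not part of the thread: it follows a packet from each HQ host to each remote site, first with per-host default gateways and no static routes, then with R1 as the only default gateway plus a static route for S2 via R2. The S1 and S2 subnets, the sample host addresses and the `admin-pc` name are assumptions; only the two router addresses come from the question.

```python
import ipaddress

R1, R2 = "192.168.0.254", "192.168.0.253"        # HQ routers, as in the question
S1_LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed; not given in the thread
S2_LAN = ipaddress.ip_network("192.168.2.0/24")  # assumed; not given in the thread
SITES = {"S1": "192.168.1.10", "S2": "192.168.2.10"}  # constructed sample hosts
TUNNELS = {R1: [S1_LAN], R2: [S2_LAN]}           # VPN tunnel terminated on each router


def next_hop(static_routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if nothing matches."""
    matches = [(net, gw) for net, gw in static_routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def reachable(default_gw, router_routes, dst, max_hops=4):
    """Follow the packet from the host's default gateway until a router owns the tunnel."""
    dst = ipaddress.ip_address(dst)
    hop = default_gw
    for _ in range(max_hops):                    # hop limit guards against routing loops
        if any(dst in net for net in TUNNELS[hop]):
            return True                          # this router sends it into its VPN
        hop = next_hop(router_routes.get(hop, []), dst)
        if hop is None:
            return False                         # no route: leaves via the ISP and is lost
    return False


def matrix(host_gateways, router_routes):
    """Reachability of each remote site from each HQ host."""
    return {host: {site: reachable(gw, router_routes, ip) for site, ip in SITES.items()}
            for host, gw in host_gateways.items()}


# Design from the question: each host picks a router as default gateway, no static routes.
per_host = matrix({"T1": R1, "T2": R2, "admin-pc": R1}, {})
# Design from the answer: everything defaults to R1, which has a static route to S2 via R2.
static = matrix({"T1": R1, "T2": R1, "admin-pc": R1}, {R1: [(S2_LAN, R2)]})

if __name__ == "__main__":
    for name, result in (("per-host gateways", per_host), ("static route on R1", static)):
        print(name, result)
```
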


Author

Commented:
My theory was right; it works. Thanks.