Two remote connections coming through two different gateways - is that possible?

Dear experts,

I have an idea regarding VPN remote connections and would like any expert to see if it will work. And here is my current situation :-

We have 3 sites - HQ, S1 & S2. S1 and S2 have a site-to-site VPN connection to HQ; there is NO connection between them. I have TWO Terminal Servers in HQ and remote connections are coming into different servers - i.e. S1 comes to T1 and S2 comes to T2. All offices have their own static IP address from our ISP.

We would like to install additional broadband in our HQ to increase internet bandwidth. I understand we can have a BONDED ADSL solution for additional bandwidth and load balancing but they are not cheap. So I am wondering if we can get away with that, cheaply.

My proposal is to install an additional ADSL line (with a new static IP) in our HQ. Put a new router (R2) in and create a site-to-site VPN to S2. Change the router in S2 so that its VPN is coming via the new line (change the static IP to the new IP given). Ports forward on R2 to T2. On T2, I shall change the Default Gateway pointing to R2 (while no change in T1 (still pointing to R1 which is

So here is what I want to achieve :-

S1 comes in via R1 to T1
S2 comes in via R2 to T2

Will the above work? I sometimes need to use RDP to their servers (or workstations) - with two gateways in the HQ, I think I have to change the Default Gateway on my computer to when I need to dial to S2.

Thank you for any advice.

Yes, you can do what I suggested through two separate broadband lines L1 and L2. R1 would be connected to L1 and to the internal network; R2 would be connected to L2 and to the internal network. R1 would be the default gateway for all computers, and R1 would know (by having static routes added to its routing table) that in order to send packets to S2, it has to forward them through the internal network to R2.

Doing it the way you suggest sounds like it would work but with some restrictions. Server T1 would not be able to communicate with site S2, and T2 would not be able to reach S1. And your own computer would be able to reach one remote site but not the other, depending on what you set your default gateway to.

Another approach would be to keep R1 as the default gateway for all machines at HQ, but to configure it with static routes to tell it to forward any traffic intended for S2 to the new router R2 (assuming the two routers are on the same internal network).

We've used a similar setup: one router set as the default Internet gateway, which handles all external traffic, but redirecting all inter-site VPN packets to another router on a separate connection.
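
The two designs discussed in this thread, modelled as an added example that is not part of any post above: a longest-prefix-match lookup shows which HQ hosts can reach which site when each terminal server uses a different default gateway, and when R1 stays the default gateway with a static route to R2. All subnets and addresses are constructed; the thread gives none.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread):
# S1 LAN 10.1.0.0/24, S2 LAN 10.2.0.0/24; R1 and R2 share the HQ LAN.
S1 = ipaddress.ip_network("10.1.0.0/24")
S2 = ipaddress.ip_network("10.2.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
SITES = {"S1": "10.1.0.10", "S2": "10.2.0.10"}  # one sample host per site


def next_hop(table, dst):
    """Longest-prefix match over a {network: next_hop} routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None


def reachable(host_table, routers, dst):
    """Follow next hops from an HQ host; True only if a VPN tunnel is reached."""
    hop, seen = next_hop(host_table, dst), set()
    while hop in routers and hop not in seen:   # 'seen' guards against loops
        seen.add(hop)
        hop = next_hop(routers[hop], dst)
    return hop == "tunnel"                      # "isp" means private dst is dropped


def matrix(hosts, routers):
    return {(h, s): reachable(t, routers, a)
            for h, t in hosts.items() for s, a in SITES.items()}


def split_gateways():
    """Asker's design: T1 defaults to R1, T2 defaults to R2."""
    routers = {"R1": {S1: "tunnel", DEFAULT: "isp"},
               "R2": {S2: "tunnel", DEFAULT: "isp"}}
    return matrix({"T1": {DEFAULT: "R1"}, "T2": {DEFAULT: "R2"}}, routers)


def static_route_on_r1():
    """Alternative: every host defaults to R1; R1 forwards S2 traffic to R2."""
    routers = {"R1": {S1: "tunnel", S2: "R2", DEFAULT: "isp"},
               "R2": {S2: "tunnel", DEFAULT: "isp"}}
    return matrix({"T1": {DEFAULT: "R1"}, "T2": {DEFAULT: "R1"}}, routers)


if __name__ == "__main__":
    for name, fn in (("split gateways", split_gateways),
                     ("static route on R1", static_route_on_r1)):
        print(name, {f"{h}->{s}": ok for (h, s), ok in fn().items()})
```
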
ormerodrutter (Author) commented:

Thanks for your input but I want to utilise TWO broadband lines. The reason to have an additional line is that users are complaining about slow remote connections, so we have decided to add an extra ADSL line in. Don't really care if T1 can't communicate with S2 or vice versa as this wasn't the intention anyway.

I believe I can change my default gateway when I want to reach a different site and change it back when I want to reach the other. I can give myself a fixed IP from the system.

ormerodrutter (Author) commented:

My theory was right; it works. Thanks.
Question has a verified solution.
