Two remote connections coming through two different gateways - is that possible?

Posted on 2009-02-17
Last Modified: 2012-05-06
Dear experts,

I have an idea regarding VPN remote connections and would like any expert to see if it will work. And here is my current situation :-

We have 3 sites - HQ, S1 & S2. S1 and S2 have a site-to-site VPN connection to HQ; there is NO connection between them. I have TWO Terminal Servers in HQ and remote connections are coming into different servers - i.e. S1 comes to T1 and S2 comes to T2. All offices have their own static IP address from our ISP.

We would like to install additional broadband in our HQ to increase internet bandwidth. I understand we can have a BONDED ADSL solution for additional bandwidth and load balancing but they are not cheap. So I am wondering if we can get away with that, cheaply.

My proposal is, to install an additional ADSL line (with a new static IP) in our HQ. Put a new router (R2) in and create a site-to-site VPN to S2. Change the router in S2 so that its VPN is coming via the new line (change the static IP to the new IP given). Ports forward on R2 to T2. On T2, I shall change the Default Gateway pointing to R2 ( while no change in T1 (still pointing to R1 which is

So here is what I want to achieve :-

S1 comes in via R1 to T1
S2 comes in via R2 to T2

Will the above work? I sometimes need to use RDP to their servers (or workstations) - with two gateways in the HQ, I think I have to change the Default Gateway on my computer to when I need to dial to S2.

Thank you for any advice.

Question by:ormerodrutter
    LVL 17

    Expert Comment

    Doing it the way you suggest sounds like it would work but with some restrictions.  Server T1 would not be able to communicate with site S2, and T2 would not be able to reach S1.  And your own computer would be able to reach one remote site but not the other, depending on what you set your default gateway to.

    Another approach would be to keep R1 as the default gateway for all machines at HQ, but to configure it with static routes to tell it to forward any traffic intended for S2 to the new router R2 (assuming the two routers are on the same internal network).

    We've used a similar setup: one router set as the default Internet gateway, which handles all external traffic, but redirecting all inter-site VPN packets to another router on a separate connection.
    LVL 23

    Author Comment


    Thanks for your input but I want to utilise TWO broadband lines. The reason to have an additional line is that users are complaining about slow remote connections, so we have decided to add an extra ADSL line in. Don't really care if T1 can't communicate with S2 or vice versa as this wasn't the intention anyway.

    I believe I can change my default gateway when I want to reach a different site and change it back when I want to reach the other. I can give myself a fixed IP from the system.
    LVL 17

    Accepted Solution

    Yes, you can do what I suggested through two separate broadband lines L1 and L2.  R1 would be connected to L1 and to the internal network; R2 would be connected to L2 and to the internal network. R1 would be the default gateway for all computers, and R1 would know (by having static routes added to its routing table) that in order to send packets to S2, it has to forward them through the internal network to R2.
    LVL 23

    Author Closing Comment

    My theory was right; it works. Thanks.
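The two designs discussed in this thread can be compared with a small longest-prefix-match model. This is an added example, not code from any poster; the subnets, host addresses and tunnel names are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets, so these are assumptions.
HQ_LAN, S1_LAN, S2_LAN = "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"
S1_HOST, S2_HOST = "192.168.1.10", "192.168.2.10"
S2_VIA_R2 = {S2_LAN: "R2"}  # the static route the accepted solution adds to R1

# Routes each HQ router has before any static route is added.
BASE = {
    "R1": {"0.0.0.0/0": "internet", HQ_LAN: "lan", S1_LAN: "vpn-to-S1"},
    "R2": {"0.0.0.0/0": "internet", HQ_LAN: "lan", S2_LAN: "vpn-to-S2"},
}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def path(host_gw, dst, r1_static=None):
    """Hops for a packet from an HQ host whose default gateway is host_gw."""
    tables = {name: dict(routes) for name, routes in BASE.items()}
    tables["R1"].update(r1_static or {})
    hops, node = [], host_gw
    while node in tables and len(hops) < 4:   # hop limit guards against loops
        hops.append(node)
        node = lookup(tables[node], dst)
    return hops + [node]

def reaches_tunnel(hops):
    """True only if the packet ends in a VPN tunnel rather than the ISP link."""
    return str(hops[-1]).startswith("vpn-")

if __name__ == "__main__":
    cases = [("T1 gw=R1, no static route", "R1", None),
             ("T2 gw=R2, no static route", "R2", None),
             ("any host gw=R1, static route on R1", "R1", S2_VIA_R2)]
    for label, gw, static in cases:
        for site, dst in (("S1", S1_HOST), ("S2", S2_HOST)):
            hops = path(gw, dst, static)
            print(f"{label:36} -> {site}: {' > '.join(hops)}"
                  f" [{'ok' if reaches_tunnel(hops) else 'no tunnel'}]")
```

With the static route, replies from S2 arrive at R2 and are delivered straight onto the HQ LAN, so R1 only sees the outbound half of each S2 flow; any stateful filtering on R1 needs to allow for that.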
