How do I configure multiple gateways on a Windows 2003 Server

Asked by chadwillbe:
I have a client that has a T1 connection with a Netgear firewall and a DSL connection with a Motorola modem/firewall device.  I would like to be able to RDC to the SBS 2003 server over both the T1 and the DSL connection.

T1 Router LAN IP: 192.168.0.254
DSL Router LAN IP: 192.168.0.253
SBS 2003 LAN IP: 192.168.0.248

Scenario and constraints: The SBS currently has only one NIC and IP Address. (I can add a second IP address if that would help me achieve the resolution I'm seeking). I prefer not to add a second NIC. I need for the server to send mail out of the T1 router (.254) only. In the SBS's TCP/IP properties I have added a second gateway for the DSL (.253).

My progress:  By adjusting the 'metric' setting for each gateway I can direct Internet browsing traffic through whichever Internet connection I want; however, I can only connect via RDC with the T1 and not the DSL, or I can connect via RDC with the DSL and not the T1.  I have not tried using the "Automatic" metric setting for both of the gateways though... my concern is that if I did, how would I control which gateway the server would send mail through?

This is my first question to be posted, so I hope I've set up the question with enough info for you to reply.  If not, please let me know.
Distinguished Expert 2018

Commented:
If I understand your setup, the problem isn't SBS or how you've set up your gateways. Sending mail is an outgoing connection, thus SBS looks at its gateway setup to determine how to respond.

However when you are connecting to SBS remotely, it is the outside machine establishing the connection. The only way you could accomplish what you want is if you could somehow convince your machine to connect to SBS via both public IP addresses, which standard RDP simply doesn't support.

In short, I don't believe there is a way to accomplish what you want.
Solutions Architect
Commented:
It is not a Windows problem; it is a networking concept in general. The problem cannot be solved, not even with 2 NICs. The host (computer) will always send all traffic through the gateway with the lowest metric.
Commented:
I agree with Akhater. Your best bet would be a Barracuda Link Balancer.

http://www.barracuda.com

Author

Commented:
cqaliher, thank you for your input.  To answer your question re SBS, everything with SBS is working fine and has been for years.  The customer just recently installed a DSL line.  I have configured the network such that the workstations now browse through the DSL connection (for speed's sake).  The server services (mail, RDC, RWW, etc.) all function through the T1 line.  I would simply like to be able to externally RDC into the server via the DSL connection.  I've pinholed/port forwarded 3389 to the SBS, but it only works successfully when the .253 gateway's metric is lower than the .254 gateway's metric.

Let me also clarify, I'm trying RDC into the SBS through both Internet connections one at a time but not concurrently.
Akhater, Solutions Architect

Commented:
If you know beforehand what IP you will be RDCing from, then static routes would help. If not, there is no protocol-based routing in Windows. Again, Windows would only answer from the gateway that has the lower metric.

ONE possible workaround is to add an ISA/TMG on the DSL connection and configure your server publishing as "appearing from ISA server" so that Windows doesn't use its default gateway at all.
Distinguished Expert 2018
Commented:
Ahh, if not concurrently, then what you want to do is get a good router. Not a consumer NAT device that calls itself a router, but a *real* router that looks at packets and decides what path it should take based on the closest IP address, protocol, etc. You can get small business load balancing appliances for under $1k, but it will never be "consumer" priced.

Author

Commented:
Akhater,
I can see how you would be right but... what I don't understand is that if the DSL router communicates with the SBS, then why wouldn't the SBS reply directly back to the DSL router, allowing me to RDC, given that the SBS knows the request came from the DSL router? Why would it even need to use the gateway in this scenario?

Commented:
Again I offer up the Barracuda Link Balancer. I have installed this for a few clients now. Besides the fact that the thing works like a tank, it can connect multiple Internet connections to one device, giving your client's network one gateway.

http://www.barracudanetworks.com/ns/products/link_overview.php
Akhater, Solutions Architect

Commented:
The DSL router is communicating with your SBS on local IPs (same subnet). The issue is that when you are reaching your SBS from the Internet, your SBS is "seeing" your public IP, and to reply to it, since it is in a different subnet, it needs to use a gateway. That would be the one with the lowest metric, irrespective of where the packet came from.

If your DSL router has an option to show its own internal IP instead of the public one, that would solve it for you (like ISA/TMG).
Distinguished Expert 2018

Commented:
That is the basic premise of IP traffic. Since it was designed by the military for a network to survive in case a city got nuked, traffic does not have to go out the same path it came in. Again, not Windows specific.

But, because of the potential for denial-of-service exploits, many gateways (such as DSL and cable modems) will not pass on an ACK if they didn't see a SYN. So your server sends out a packet to a different gateway than the incoming packet came in on, the gateway says "I don't have anything requesting an acknowledgement!" and drops the packet, so your connection fails.
I'm thinking the only solution in this case is to send mail out via a smart host, which can be a simple machine running SMTP services, with its gateway set to your T1.  Other than that, I don't think you have many other options to fulfill your requirements.
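As an added example that is not from this thread or any of its posters, here is a short Python model of the two points made above: the host picks the reply path from its routing table alone (longest prefix, then lowest metric), and a stateful NAT gateway drops a reply for a flow it never saw start, so an RDP connection through the DSL router fails whenever the T1 gateway has the lower metric. It then applies the static-route workaround Akhater mentions for a client whose public IP is known in advance. The client address 203.0.113.5 and mail server 198.51.100.25 are RFC 5737 documentation addresses chosen for this example; the LAN addresses are the poster's. The real Windows command the `/32` route stands in for is `route -p add 203.0.113.5 mask 255.255.255.255 192.168.0.253 metric 1` (an assumption about the client IP, not something the poster ran).

```python
"""Constructed model of the asymmetric-routing problem in this thread.

A single-NIC host (the SBS at 192.168.0.248) has two default gateways;
two stateful NAT gateways only pass outbound packets that belong to a
flow they saw start.  Public addresses are RFC 5737 documentation
ranges chosen for this example, not the poster's real addresses.
"""
import ipaddress
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


class Host:
    """Windows-style routing table: (prefix, gateway or None if on-link, metric)."""

    def __init__(self, ip: str, subnet: str) -> None:
        self.ip = IPv4(ip)
        self.routes: list[tuple[Net, Optional[IPv4], int]] = [(Net(subnet), None, 1)]

    def add_route(self, prefix: str, gateway: str, metric: int) -> None:
        # Stand-in for: route add <prefix> mask <mask> <gateway> metric <metric>
        self.routes.append((Net(prefix), IPv4(gateway), metric))

    def next_hop(self, dst: str) -> Optional[IPv4]:
        """Longest-prefix match, ties broken by lowest metric.

        The interface a request arrived on is not an input: the host picks
        the reply path from its table alone, which is the whole problem."""
        d = IPv4(dst)
        matches = [r for r in self.routes if d in r[0]]
        if not matches:
            raise ValueError(f"no route to {dst}")
        best = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
        return best[1]


class NatGateway:
    """Consumer NAT router: a port-forward rule plus a flow table.

    Outbound packets pass only if they open a new flow or match one the
    gateway already knows about; stray replies are dropped."""

    def __init__(self, name: str, lan_ip: str) -> None:
        self.name = name
        self.lan_ip = IPv4(lan_ip)
        self.flows: set[tuple[IPv4, int, IPv4, int]] = set()

    def inbound_syn(self, client: str, cport: int, server: str, sport: int) -> None:
        """Port-forwarded SYN from the Internet: record the flow, hand it to server."""
        self.flows.add((IPv4(server), sport, IPv4(client), cport))

    def outbound(self, src: str, sport: int, dst: str, dport: int, syn: bool) -> bool:
        """True if the packet leaves to the Internet, False if dropped."""
        key = (IPv4(src), sport, IPv4(dst), dport)
        if syn:
            self.flows.add(key)     # new outbound connection (e.g. SMTP): always fine
            return True
        return key in self.flows    # a reply must match state this box created


def rdp_attempt(host: Host, entry: NatGateway, gateways: dict[IPv4, NatGateway],
                client: str, cport: int) -> tuple[str, bool]:
    """Client hits `entry`'s public address on 3389.  Returns the name of the
    gateway the host sent its SYN-ACK through and whether that gateway passed it."""
    entry.inbound_syn(client, cport, str(host.ip), 3389)
    reply_gw = gateways[host.next_hop(client)]
    passed = reply_gw.outbound(str(host.ip), 3389, client, cport, syn=False)
    return reply_gw.name, passed


def scenario(client: str = "203.0.113.5") -> dict[str, object]:
    """Reproduce the thread's symptoms, then apply the static-route workaround."""
    t1 = NatGateway("T1", "192.168.0.254")
    dsl = NatGateway("DSL", "192.168.0.253")
    gws = {t1.lan_ip: t1, dsl.lan_ip: dsl}

    sbs = Host("192.168.0.248", "192.168.0.0/24")
    sbs.add_route("0.0.0.0/0", "192.168.0.254", metric=10)   # T1: preferred default
    sbs.add_route("0.0.0.0/0", "192.168.0.253", metric=20)   # DSL: second default gateway

    out: dict[str, object] = {}
    out["rdp_via_t1_before"] = rdp_attempt(sbs, t1, gws, client, cport=50001)
    out["rdp_via_dsl_before"] = rdp_attempt(sbs, dsl, gws, client, cport=50002)

    # Known client IP: a /32 host route beats any default route regardless of metric.
    # Windows equivalent: route -p add 203.0.113.5 mask 255.255.255.255 192.168.0.253 metric 1
    sbs.add_route(f"{client}/32", "192.168.0.253", metric=1)
    out["rdp_via_dsl_after"] = rdp_attempt(sbs, dsl, gws, client, cport=50003)
    out["rdp_via_t1_after"] = rdp_attempt(sbs, t1, gws, client, cport=50004)

    # Outbound mail is unaffected: it still follows the lowest-metric default (T1).
    mail_gw = gws[sbs.next_hop("198.51.100.25")]
    out["mail_gateway"] = mail_gw.name
    out["mail_passed"] = mail_gw.outbound(str(sbs.ip), 40000, "198.51.100.25", 25, syn=True)
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:20} {value}")
```

Running it shows the symptom from the question (RDP via T1 works, RDP via DSL is answered through T1 and dropped) and the trade-off of the workaround: once the client's /32 is pinned to the DSL gateway, that client can only come in via DSL, while outbound SMTP still leaves via T1. It also makes the limitation plain: the fix needs a route per known client address, which is why the thread ends up at a link balancer or ISA/TMG-style reverse proxy for arbitrary clients.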

Commented:
I hate to sound like a broken record here but the Link Balancer will do what you want.
Barracuda-Link-Balancer-WP-Inter.pdf

Commented:
1. The main reason you don't have multiple gateways in Microsoft Server world is that the machine will be advertised as two different machines. Several important identifiers will appear to be in two different places. It is a problem fraught with pain and confusion. It is the primary cause of your main complaint.
2. RRAS can route based on ports if you are willing to accept the way it works.
The design of networking (as stated by Akhater) precludes some of the things you're asking, but the net result can be done to your satisfaction.
3. You can achieve your goals on a combination of routing added to the routers of each ISP. The T-1 routers can probably be set up to forward specific protocols and ports (RWW, RDC etc.) based on the requested static IP.
Say the T-1 ISP sets up external IPs on x.x.x.0-16, and the DSL ISP sets up static IPs on y.y.y.0-16.
You can talk to the techs at the ISPs and either they can set up what you need or they will tell you how to do it.
Then you can set up the users to be able to use whatever at will.
You set up x.x.x.3 to go to 192.168.0.250 for example. You tell the RRAS to forward that traffic through the inside .250
Setting up several IPs on SBS 2003 isn't difficult either. Then you could set the app to talk on that IP. This can help with problems you have.
Don't forget Connectors. SMTP, mail ports etc. can be sent through Connectors and solve some problems

The only outbound gateway should be set to the DSL (speedy Internet access for general use), and routes set up to point the other paths needed to the T-1.
You can set up as many routes as you want using RRAS.
You can just type them in at the prompt, for that matter.
It is more commonly done than you might think.
Here's an article from MS:
http://support.microsoft.com/kb/254018
RRAS is essentially the Firewall for SBS 2003. It can use ports for filtering and routing, and the combination of tools in SBS and your ISP routers can do the job.
Here's one from EE:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22124133.html

I would assign a range of IPs to the SBS and use them. Some people will dispute this, but consider the number of purposes SBS serves. It is easy to solve these problems when you have separate servers for every purpose. In SBS you soon run out of ports, and since, for example, :80 is used on every web site, you need extra IPs to NAT to your external IPs in order to make routing easy. (Port address translation is very difficult with RRAS).

DNS requires you to have two mail servers, for example. Difficult on SBS. Solution? Set up a second IP and run the second instance of SMTP on it. I know it's one server doing two jobs, but it shows the need for multiple IPs.
But only one IP in the server has a gateway!!!!! The gateway is for last resort.
You can also route two ISPs via an inexpensive router, as has been suggested. I like the RV042.



Author

Commented:
Thanks to all of your help and responses! Because it is a basic networking concept that I would be working against I'll try accepting that and working in the system... I believe I'll be proposing a Link Balancer to my client.
