I have a web portal that is both internet facing and LAN facing. I have the WAN NIC with a public IP and gateway. The LAN NIC only had an internal IP and no gateway. This worked just fine; however, we set up a site-to-site tunnel to our office. We also use our internal domain DNS, which resolved the internal IP of the web portal. The site-to-site tunnel will require the LAN NIC to have the local gateway to be able to route between the two subnets in the site-to-site tunnel. Due to this I added the internal gateway to the LAN NIC. Everything is working; however, as I understand it, this is not best practice. So, should I change the internal DNS records to resolve the public IP so the site-to-site users hit the public IP, or should I set up static routes on the Windows server? I kind of like how the site-to-site users can access the web portal through the tunnel, since that's more secure for those sessions.
Also agreed, this should be a single-NIC server with a firewall/router doing the public forwarding.
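
The static-route option raised in the question, as an added example that is not part of the original thread: it routes only the office subnet through the internal gateway and removes the second default gateway from the LAN NIC. The interface alias, subnet and gateway address are constructed placeholders, not values from the post.

```powershell
# Assumed values, constructed for illustration; replace with your own.
$LanAlias     = 'LAN'            # interface alias of the internal NIC
$RemoteSubnet = '10.20.0.0/24'   # office subnet behind the site-to-site tunnel
$LanGateway   = '10.10.0.1'      # internal router that forwards into the tunnel

# 1. List every IPv4 default route. A multihomed server should end up with
#    exactly one, on the WAN NIC; two defaults make the egress path depend on metrics.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Format-Table InterfaceAlias, NextHop, RouteMetric, InterfaceMetric

# 2. Add a route for the remote subnet only, via the internal gateway.
#    With no -PolicyStore given, New-NetRoute writes to both the active and
#    the persistent store, so the route survives a reboot.
$existing = Get-NetRoute -DestinationPrefix $RemoteSubnet -InterfaceAlias $LanAlias `
                         -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $RemoteSubnet -InterfaceAlias $LanAlias `
                 -NextHop $LanGateway | Out-Null
}

# 3. Remove the default gateway from the LAN NIC now that the specific route
#    covers the tunnel traffic. The WAN NIC keeps the only default route.
Remove-NetRoute -InterfaceAlias $LanAlias -DestinationPrefix '0.0.0.0/0' `
                -Confirm:$false -ErrorAction SilentlyContinue

# 4. Verify: the LAN NIC should show the remote subnet route and no 0.0.0.0/0 entry.
Get-NetRoute -InterfaceAlias $LanAlias -AddressFamily IPv4 |
    Format-Table DestinationPrefix, NextHop, RouteMetric
```

Run it from an elevated session on the console or over the WAN side, since step 3 briefly changes how LAN-side replies are routed.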