I hope someone is able to offer advice on a problem that I've been working on without success. Here's the scenario: The network has a subnet of 255.255.255.0 Windows SBS 2011 with one network card using 192.168.140.2 with the default gateway of 192.168.140.254 Windows TS 2003 with two network cards (2nd disabled as of last test) one using 192.168.140.1 gateway of 192.168.140.254 BT ADSL Modem Router on Line 1 using 192.168.140.254 (For internal internet and external OWA) BT ADSL Modem Router on Line 2 using 192.168.140.253 (For VPN passthrough) The VPN Modem Router on Line 2 simply forwards PPtP VPN connection requests (1723) to the SBS Server on 192.168.140.2 The problem is that the SBS uses only one gateway so either OWA works or the VPN works depending on whether you choose 192.168.140.253 or 254 in the networking setup, I've tried multiple gateways with different metrics but obviously the lower the metric, the first the choice of gateway. Is there a way of telling the SBS 2011 server to route VPN requests in and out of the 253 connection whilst maintaining all other traffic on 254? One of the other options I've looked at is to replace the BT router with a VPN modem router such as a Draytek and handle the connections at the entry point but I'd really like to see if I can get the current configuration working and I think it might have something to do with routing tables? I look forward to reading your replies. Regards Tony

So replacing one of the modem routers with something that handles VPN connections itself wouldn't help, it must be a dedicated unit controlling both ADSL lines to be able to route properly? What about using a different subnet on the second modem router and utilising the second network card on the TS 2003 box and relay to the SBS 2011 unit on the normal subnet, not feasible either?

Hi, Thanks for posting here. > Is there a way of telling the SBS 2011 server to route VPN requests in and out of the 253 connection whilst maintaining all other traffic on 254? If we are using the RRAS which in SBS host for providing VPN service then we should already have a virtual interface(PPP adapt RAS dial in interface ) on this server with a IP address which is in same IP segment that we specified for incoming VPN clients . So if we want to access the segment of dedicate VPN clients why not just create a routing entry . for instant , we assume segment 192.168.10.0/24 is for VPN clients then we need to create a routing entry 192.168.10.0 255.255.255.0 <address of virtual PPP adapt RAS dial in interface> on SBS server host. Do we have problem to access internal network by going through VPN tunnel with current topologic and configuration(double edge router with double internet address for different services ? I also agree with Bill about having a dedicate device to balancing the traffics with multiple internet addresses and single internal address. Epically this is a SBS environment so wed better to simplify the condition of internal network. Thanks. Tiger Li Tiger Li TechNet Community Support