What type of VPN are you looking to do?
Only one user can have a session active at a time; this could cause problems with connections to #1.
How is the VPN being determined OR is it that there is/will be a segregated network for #2 that users will have to connect to a dedicated portal for access from #1?
If a dedicated portal is an option:
Is using the HTML5 bookmark an option?
Is using the Java RDP bookmark an option?
If a dedicated portal is not an option:
it _may_ be possible to setup a machine auth connection for #1 that users can login to the original IP and then access to all will still be available (but all users that login will have access over the tunnel)

Thanks for the reply. I'll try to answer in a way that makes sense given my modest understanding of VPNs.

The VPN was set up by another department, I believe in an effort to make access to their most sensitive system more secure. It’s an EDMS system with highly sensitive data on it, so it’s only accessible via our internal network already. But it’s a large network, so they are locking it down further I guess. This is what I’ve called #2.

Currently the solution is to install the pulse secure client on your desktop, so when you need to access this one system, you start the client, login, and form your tunnel to that server. When you’re done, you disconnect and go about your other business.

The thing is, one team of users that access #2 don’t have software installed on their local workstations… they operate in a terminal server environment, effectively running “thin”. They login to their local PC, or Wyse, or laptop from home, and connect to #1, which is a standard Windows terminal server with all their productivity apps on it. They connect via RDP, whether they are on site or remote. No VPN is used either way.

Once logged into #1, they use their apps and also connect to other systems on the network which aren’t accessible from the outside, like #2-4, for specialized work as needed. Until now this worked great. But with #2 now requiring VPN, the users asked us to install the pulse secure client on #1. But I don’t think that will work, because if one user runs it on #1 and establishes a tunnel to #2, isn’t that going to disrupt the network for all other users?

I don’t know anything about the HTML or Java bookmark options. Do those establish a connection to the server in a different way than the Pulse client?

If what the users have asked for (in their limited understanding) isn't possible, can you point me to some documentation or details explaining this? I haven't been able to find a definitive answer, and I don't want to waste time trying to make it work if it's a non-starter.