Hi,
i think i found the solution, there was a description in the forum, so i followed that and configured that on my RB2011.
Currently it look it works correctly, all Connections from the local LAN goes trough WAN1 where is the router without ability to setup any portforwarding.
And if i connect a second laptop on WAN2 i can connect to the router trough IPSec/L2TP.
Here is the Config i followed:
/ip firewall mangle
add action=mark-connection chain=input comment=WAN1 in-interface=ether1-WAN1 \
new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=\
RWAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new \
in-interface=ether1-WAN1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 \
in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=input comment=WAN2 in-interface=ether2-WAN2 \
new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=\
RWAN2 passthrough=no
add action=mark-connection chain=forward comment=WAN2PF connection-state=new \
in-interface=ether2-WAN2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 \
in-interface=bridge-local new-routing-mark=RWAN2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
/ip route
add distance=1 gateway=ether1-WAN1 routing-mark=RWAN1
add distance=1 gateway=ether2-WAN2 routing-mark=RWAN2
add distance=1 gateway=192.168.1.1
add distance=2 gateway=200.100.100.12
Credit goes to zyxnull
Thanks, Kind regards