Difference between VPN in Route and NAT mode

In the LAN-to-LAN VPN profile, there are options: From first subnet to remote network, you have to do Route/NAT. The main difference between these two modes is whether the clients on both sites can reach each other. In Route mode, clients on both sites can reach each other. In NAT mode, only clients on Dial-Out sites can reach the entire networks, but the clients on Dial-In site cannot access the network of Dial-Out site.

Route Mode

To connect two subnets and let the clients can reach to each other's network; or, if you are establishing VPN between two Vigor Routers by LAN-to-LAN VPN, you will need to choose Route mode.

In this case, PC_A can access PC_B and set the Dial-in router as the remote gateway to access the internet; PC_B can access PC_A as well.

NAT Mode

NAT mode is used when you want to access the remote network, or you want to use the remote router as your internet gateway, but do not want to let the remote clients access your network. This is also for you to connect to the thirty party remote dial-in VPN service on the Vigor router.

In this scenario, PC_A can access PC_B and can set the Dial-in Router as the remote gateway to access the internet; but PC_B is not able to access PC_A.