A route-based VPN is a better choice if you want to conserve tunnel resources in the appliance. For instance, although you create several policies pointing to the same VPN tunnel, each policy will create an IPSec security association (SA) with the remote peer, each of which counts as an individual VPN tunnel. With route-based, it's possible to have several policies referencing the same VPN tunnel, and only one SA will exist with the remote peer.
On the other hand, with route-based you can create policies with the Deny action (with policy-based the action is tunnel and the permit is implied).
Another advantage that route-based VPNs offer is the exchange of dynamic routing information through VPN tunnels. You can enable an instance of a dynamic routing protocol, such as Border Gateway Protocol (BGP), on a tunnel interface that is bound to a VPN tunnel. The local routing instance exchanges routing information through the tunnel with a neighbor enabled on a tunnel interface bound to the other end.
Finally, route-based has the following advantages for dial-up VPNs:
- You can bind its tunnel interface to any zone to require or not require policy enforcement.
- You can define routes to force traffic through the tunnel, unlike a policy-based VPN configuration.
- A route-based VPN tunnel simplifies the addition of a spoke to a hub-and-spoke configuration.
- You can adjust the proxy ID to accept any IP address from the dialup VPN client by configuring the remote client’s address as 255.255.255.255/32.
- You can define one or more mapped IP (MIP) addresses on the tunnel interface.
All this information appears in more depth in the Configuration Guide.
Regards
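
An added illustration of the points in this answer (not part of the original post or of the Configuration Guide): a route-based VPN in which three policies, one of them Deny, share a single VPN tunnel. It assumes ScreenOS-style CLI syntax; the interface, zone, address-book, gateway and VPN names, the documentation-range IP addresses and the `<preshared-key>` placeholder are all hypothetical.

```text
# Lines starting with "#" are annotations, not CLI input.
# Assumption: ScreenOS-style syntax; every name and address here is hypothetical.

# 1. Tunnel interface, bound to a zone so that policy is enforced on its traffic
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface ethernet3

# 2. One IKE gateway and one VPN, bound to the tunnel interface
set ike gateway gw_branch address 203.0.113.2 main outgoing-interface ethernet3 preshare <preshared-key> sec-level standard
set vpn vpn_branch gateway gw_branch sec-level standard
set vpn vpn_branch bind interface tunnel.1
set vpn vpn_branch proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 any

# 3. The route, not a policy, is what sends traffic into the tunnel
set vrouter trust-vr route 10.2.2.0/24 interface tunnel.1

# 4. Address book entries used by the policies
set address trust hq_lan 10.1.1.0/24
set address untrust branch_lan 10.2.2.0/24

# 5. Ordinary deny/permit policies; none of them names the VPN, so all three
#    share the one SA negotiated for vpn_branch. The Deny goes first because
#    policies are evaluated top-down.
set policy from trust to untrust hq_lan branch_lan TELNET deny
set policy from trust to untrust hq_lan branch_lan any permit
set policy from untrust to trust branch_lan hq_lan any permit

# For contrast, the policy-based form carries the tunnel in the policy action,
# so a Deny cannot be expressed on it and each such policy builds its own SA:
#   set policy from trust to untrust hq_lan branch_lan any tunnel vpn vpn_branch
```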