In this mode, network resources that clients can originally access are completely shielded. Clients can then access only the resources in a remote intranet rather than the resources in the network of each client.
In this mode, the resources in the public network are shielded except the resources of the same network segment that the client originally access.
When other resources such as resources in a public network are forwarded through a virtual network card, they are encapsulated with virtual IP addresses. Therefore, resources cannot be normally forwarded.
In this mode, access authority for the remote intranet is supported. In addition, the network resources that clients can originally access are not affected after this mode is configured unless they conflict with the resources in the remote intranet
we can check the routes in windows cmd: route print