I have a question.
Why are you using L2TP to accomplish the virtual private network in your diagram?
L2TP offers no encryption and no security what so ever.

First, thanks Ada for the link. It confirmed what I had been thinking and I successfully applied it using the L2TP tunnel option! I haven't yet received the 6020, but I was able to use Mac OS X 10.10.1 Yosemite as remote client to connect to the 604 and its LAN, set up for now as L2TP server.

Even without the 6020, and having to manually press "connect" on the Mac as L2TP client, I can already ping both ways from and to any computer on the 604's LAN. Works beautifully and I'm looking forward to receiving the 6020. Once I have that, I will reverse the roles as per diagram: 6020 at head end, multiple 604s at branches. I'm confident that through this setup my ultimate goal of an always-on LAN-to-LAN VPN network with automatic client-side initiation will be accomplished.

@Vpnrouter:
I'm actually using L2TP/IPsec, not simple L2TP. If employed together with IPSec, L2TP offers much superior encryption to PPTP.

As it states in the user guide of either of these routers, all you have to do to get L2TP/IPSec is enable "encryption" in the L2TP pane and enable IPSec under its own pane. No need to fill out anything else there!

My Mac is strictly L2TP/IPSec, so the fact that I got it to connect with the 604 (using the same shared secret) is proof that it's all properly encrypted using IPSec.

I hope this helps others as well. These are awesome products!

I updated my diagram above with corrections and additional info...

Good choice securing your data with IPSec.