Ok, so I have my Vigor 2820n connected to the internet. Currently it's providing DHCP and NAT for my primary subnet 192.168.1.0/24. I've attached another router to one of the switch ports on the 2820n with a secondary network 192.168.2.0/24 on the other interface. See here http://goo.gl/TLZS4 for a diagram.

From a machine on the 192.168.2.0 network I can ping both the local gateway and the Draytek 192.168.1.1 interface. However, I can't ping out to the internet and I'm pretty sure it's because the Draytek is configured to NAT for the 192.168.1.0 network but not anything in the 192.168.2.0 network.

Does this make sense? If so, is it possible to configure the Draytek to NAT for the secondary subnet? If so how?

Without getting into mapped public IP addresses the simple way is NAT twice.
The second "Router" - needs to do the routing for the second subnet.

Second router WAN is in the VIgor 192.168.1.0/24 LAN range (ideally fixed IP so you can DMZ or port forward).

All traffic behind second router WAN will appear to the Vigor as coming from a valid client and will be passed back and forth.
The second router then distributes that second subnet packets.

I do it for setting up new PC's, reduces the threat risk while patches and anti-virus are being applied.
I also VLAN the second router port on the Vigor but I would not consider it very secure in the long run.