"Thanks, that was virtually worthless."
Wanderer has replied to your post, but in his usual meekness and diplomacy in such matters, through a third party (myself).
wanderer: "I am sorry my free advice has proven of no value to you in virtual terms. It seems I did read your post with my usual careful study and reflection, through which I usually grace all users. Please accept my humblest apologies for wasting your precious seconds on the Internet asking for help to perform your (perhaps now tentative) job."
Personally, I thought he let you off easy there.
Now, to solve your problem. Set up your border router with an external address. Set the other border router just the same. Enable the VPN and see if it works (do it late if you want, so you can fix it before the morning;). If you want, only allow one IP address on each network to use the tunnel (it should be in the options).
It would make your life easy if office2 had different private addresses. The subnet mask would be the same for both networks (in your example).
VPN does not mean everything on the network has to go through the VPN tunnel. The VPN tunnel is essentially a virtual direct route to another network (a bridge). If a packet wants to get there, it can take the tunnel. Also, resources can be shared securely, with a blanket of authentication.
But you can still do everything normally with a tunnel running.
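The routing behaviour described above, as an added example that is not part of the original post: a small Python model of a site-to-site tunnel policy that rejects overlapping office subnets and sends only traffic for the remote LAN, from permitted hosts, into the tunnel. The addresses, function names and the "drop" behaviour for non-permitted hosts are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network


class AddressOverlap(ValueError):
    """Raised when both offices use overlapping private ranges."""


def build_policy(local_lan, remote_lan, allowed_sources=None):
    """Validate the two LANs and return a tunnel policy.

    allowed_sources: optional list of local hosts/subnets permitted to
    use the tunnel (hypothetical option; defaults to the whole local LAN).
    """
    local, remote = ip_network(local_lan), ip_network(remote_lan)
    # If the ranges overlap, a host treats the remote address as on-link,
    # ARPs for it locally, and the packet never reaches the border router.
    if local.overlaps(remote):
        raise AddressOverlap(f"{local} overlaps {remote}: renumber one office")
    allowed = [ip_network(a) for a in (allowed_sources or [local_lan])]
    for net in allowed:
        if not net.subnet_of(local):
            raise ValueError(f"{net} is not inside the local LAN {local}")
    return {"local": local, "remote": remote, "allowed": allowed}


def next_hop(policy, src, dst):
    """Classify a packet: 'local', 'tunnel', 'drop' or 'internet'."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in policy["local"]:
        return "local"          # same office, never leaves the LAN
    if dst in policy["remote"]:
        # Only permitted sources may reach the other office.
        if any(src in net for net in policy["allowed"]):
            return "tunnel"
        return "drop"
    return "internet"           # everything else bypasses the tunnel


if __name__ == "__main__":
    # Constructed sample addressing: office1 = .1.0/24, office2 = .2.0/24,
    # with a single host allowed through the tunnel.
    policy = build_policy("192.168.1.0/24", "192.168.2.0/24", ["192.168.1.10"])
    for src, dst in [("192.168.1.10", "192.168.2.5"),
                     ("192.168.1.20", "192.168.2.5"),
                     ("192.168.1.20", "203.0.113.7"),
                     ("192.168.1.20", "192.168.1.30")]:
        print(f"{src} -> {dst}: {next_hop(policy, src, dst)}")
```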