Hi

Would I be right in assuming that only directly connected networks on a router would be accessible over a vpn tunnel when doing IPsec for site to site? 
 

for example; If if i had a ip address of 10.94.3.2/30 as the lan but on that network also lived a Cisco router with 10.94.3.1/30 directly connected to the Lan.

The remote site connecting to this router with the subnet of 10.94.3.0/30 would not be able to connect to a different address of 10.200.255.0/24 that was accessable on the Cisco router because it's not directly connected to the er8412 router.

In other words even though I could advertise the routes in the VPN setup information, sending traffic to 10.200.255.2 even by use of a static route,   it would not work because 10.200.255.0/24 is not a lan directly connected on the er8411.

I’m assuming that is correct and would have to make 10.200.255.0/24 as a Lan for this to work, but this problem is only relatable to VPNs and not a reflection of static routes.