Connectivity between multiple IPsec VPN connections

Bonesai Posts: 5
edited April 2021 in Security
I need to provide connectivity over two VPN connections, both terminating on a USG 110.
VPN client network A connects to the USG 110 over IPsec using a USG 100.
VPN client network B is a single host connecting to the USG 110 using the Zyxel IPSec VPN Client.

Now I am looking for a best-practice guide on how to get working network communication between VPN A and VPN B over the USG 110. I hope you can help me; thanks in advance and best regards.

All Replies

  • zyman2008 Posts: 199  Master Member
    edited January 2019
    It's better to plan the IP address space well for a multi-site network,
    so that you can benefit from the Zyxel firewall's auto VPN routing.

    Here is an example.
    A company has multiple sites. Each site is allocated 8 /24 networks; the last /24 network is reserved for VPN clients.
    Suppose the company selects 192.168.0.0/16 as the company's full IP address space.
    Site A: 192.168.0.0/21. There are 8 /24 networks, 192.168.0-7.0/24, and 192.168.7.0/24 is for VPN clients connecting to the firewall of Site A.
    Site B: 192.168.8.0/21. There are 8 /24 networks, 192.168.8-15.0/24, and 192.168.15.0/24 is for VPN clients connecting to the firewall of Site B.
    Site C: 192.168.16.0/21. There are 8 /24 networks, 192.168.16-23.0/24, and 192.168.23.0/24 is for VPN clients connecting to the firewall of Site C.
    ....

    Site A is the VPN hub: all sites build a site-to-site VPN to Site A.
    All sites communicate with each other through the VPN to the hub, Site A.
    Site B to company network (via Site A): local policy 192.168.8.0/21, remote policy 192.168.0.0/16
    Site C to company network (via Site A): local policy 192.168.16.0/21, remote policy 192.168.0.0/16
    ....

    There are several types of client VPN that can assign IP addresses to VPN clients:
    • IPSec(IKEv1) with mode-config
    • IKEv2 with configuration payload
    • L2TP over IPSec
    • SSL VPN
    You can configure the IP address pool for VPN clients connecting to each site:
    Site B: 192.168.7.0/24 
    Site C: 192.168.15.0/24
    ....

    Then, based on the auto VPN routing design of the Zyxel firewall,
    routing checks the routing table in this order by default:
    Direct route > Dynamic VPN (VPN clients) > Policy Route > Site-to-Site VPN
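As an added example (it is not part of zyman2008's reply and not Zyxel code), the Python below turns the plan above into something you can check: it carves one /21 per site out of 192.168.0.0/16, applies the "last /24 of each site's /21 is the VPN client pool" rule (so A gets 192.168.7.0/24, B 192.168.15.0/24, C 192.168.23.0/24), derives each spoke's phase-2 policies, verifies that the hub's client pool lies inside a spoke's remote policy (the condition that lets a LAN behind the USG 100 in the original question reach a host on the Zyxel IPSec VPN Client), and resolves destinations on the hub with the route order the reply describes. The site names, the client address, the policy route list and the "strict category order, then longest prefix" lookup model are assumptions for illustration; confirm the lookup behaviour against your firewall's documentation.

```python
"""Address plan and auto-VPN-routing lookup for a hub-and-spoke IPsec design.

Constructed example: the values below model the plan in the reply and are not
taken from a real deployment or from Zyxel software.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network

# Company-wide space and per-site block size, as in the reply (assumed values).
COMPANY_SPACE: IPNet = ipaddress.ip_network("192.168.0.0/16")
SITE_PREFIX = 21

# Default lookup order stated in the reply. Assumption of this model: the
# categories are a strict priority, longest prefix wins only inside a category.
ROUTE_ORDER = ("direct", "dynamic_vpn", "policy_route", "site_to_site")


def build_plan(site_names: List[str]) -> Dict[str, Dict[str, IPNet]]:
    """One /21 per site; the last /24 of each /21 is that site's VPN client pool."""
    blocks = list(COMPANY_SPACE.subnets(new_prefix=SITE_PREFIX))
    plan: Dict[str, Dict[str, IPNet]] = {}
    for index, name in enumerate(site_names):
        block = blocks[index]
        plan[name] = {"block": block, "vpn_pool": list(block.subnets(new_prefix=24))[-1]}
    return plan


def plan_is_consistent(plan: Dict[str, Dict[str, IPNet]]) -> bool:
    """Blocks must sit inside the company space and must not overlap each other.

    Overlapping ranges are what make the hub push traffic down the wrong tunnel,
    so this is the check to run before any phase-2 policy is written.
    """
    blocks = [site["block"] for site in plan.values()]
    if not all(block.subnet_of(COMPANY_SPACE) for block in blocks):
        return False
    return not any(a.overlaps(b) for i, a in enumerate(blocks) for b in blocks[i + 1:])


def spoke_policy(plan: Dict[str, Dict[str, IPNet]], spoke: str) -> Tuple[IPNet, IPNet]:
    """Phase-2 policy for a spoke's tunnel to the hub: local = its /21, remote = whole company."""
    return plan[spoke]["block"], COMPANY_SPACE


def spoke_reaches_hub_clients(plan: Dict[str, Dict[str, IPNet]], hub: str, spoke: str,
                              remote_policy: Optional[IPNet] = None) -> bool:
    """A spoke only encrypts traffic that matches its remote policy, so the hub's
    VPN client pool has to fall inside it for spoke <-> client traffic to flow."""
    remote = remote_policy if remote_policy is not None else spoke_policy(plan, spoke)[1]
    return plan[hub]["vpn_pool"].subnet_of(remote)


def hub_routing_table(plan: Dict[str, Dict[str, IPNet]], hub: str,
                      connected_clients: List[str],
                      policy_routes: Optional[List[Tuple[IPNet, str]]] = None):
    """Routes the hub firewall holds, grouped by the categories in ROUTE_ORDER."""
    hub_block = plan[hub]["block"]
    lan_nets = list(hub_block.subnets(new_prefix=24))[:-1]  # all but the VPN pool are LANs
    return {
        "direct": [(net, f"lan:{net}") for net in lan_nets],
        # Model assumption: each authenticated VPN client gets a /32 dynamic route.
        "dynamic_vpn": [(ipaddress.ip_network(f"{c}/32"), f"vpn-client:{c}")
                        for c in connected_clients],
        "policy_route": list(policy_routes or []),
        # Site-to-site: the spoke's local policy is what we send down its tunnel.
        "site_to_site": [(spoke_policy(plan, s)[0], f"tunnel:{s}") for s in plan if s != hub],
    }


def lookup(table, dst: str) -> Optional[str]:
    """Resolve a destination: category order first, longest prefix inside a category."""
    ip = ipaddress.ip_address(dst)
    for category in ROUTE_ORDER:
        matches = [(net, nexthop) for net, nexthop in table[category] if ip in net]
        if matches:
            return max(matches, key=lambda m: m[0].prefixlen)[1]
    return None


if __name__ == "__main__":
    plan = build_plan(["A", "B", "C"])
    print("consistent:", plan_is_consistent(plan))
    table = hub_routing_table(plan, "A", connected_clients=["192.168.7.10"])
    for dst in ("192.168.9.50", "192.168.7.10", "192.168.2.5", "192.168.23.7"):
        print(dst, "->", lookup(table, dst))
```

In this model a Site B host sending to the connected client 192.168.7.10 is routed by the hub through the dynamic VPN route, and the client's packets to 192.168.9.50 go down the Site B tunnel because B's local policy covers its whole /21; if you narrow a spoke's remote policy to less than the company space, `spoke_reaches_hub_clients` returns False and that spoke can no longer talk to the hub's VPN clients.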

