Site to Site IPsec Tunnel

eddie.moore1058
Level 1

I'm working on my first LIVE IPSEC tunnels.  Attached is my network design.  Site A is our primary site with all the resources.  Site B is currently connected to Site A using a Layer 2 MOE connection.  I'm eliminating the L2 MOE for a Business Cable GigE config.  Users at Site B and Site C need access to the resources at Site A.  (Domain Login etc.)  Otherwise, each site connects directly to the internet via their own POP.  

I'm currently trying to get Site C to connect to Site A via IPSEC.  The firewall outside address is an unroutable address.  In all the labs, none actually emulate a real world scenario where the firewall sits behind a Customer Edge Router (Defense in Depth).  Either the firewalls are directly connected to each other and can ping "connected" devices, or the emulation fails to represent real world sites connected via the real world internet.  So, yes, I had bench tested this config.  It worked.  Once I put it in a real world scenario, I can't ping the outside of the distant firewall.

Could I, 1, create a static route on Site_A firewall for 10.200.0.10 255.255.255.255 50.79.222.XXX?  Or, 2, do I need to move my firewalls outside my CE_RTRs?  (I believe I can bridge my ISP_RTR so I can hit a public IP on my first device after my ISP_RTR.)  Or, eliminate the CE_RTR altogether and use the firewall as my CE_RTR?

1 Reply

Hello,

I assume the CE devices are doing the NAT...

I think it is possible to terminate the VPN on the firewall by exempting the ASA IP address from being translated. I'll need to lab this up, will get back with you...
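One way to realize the idea in the reply, added here as an example and not part of the thread or anyone's lab result: keep the ASA's private outside address (10.200.0.10 from the post) out of the CE router's overload pool and give it a static one-to-one translation instead, so IKE and ESP from the remote site always land on the firewall. It assumes the Site C CE router is Cisco IOS, that 203.0.113.9/29 is the ISP-assigned block and 203.0.113.10 the address reserved for the ASA, and that 198.51.100.20 is Site A's public peer address; all three addresses are constructed placeholders.

```cisco
! Added example (not from the thread). Site C CE router, assumed to be Cisco IOS.
! 203.0.113.x and 198.51.100.20 are constructed placeholder addresses.
interface GigabitEthernet0/0
 description To ISP (assumed public block 203.0.113.8/29)
 ip address 203.0.113.9 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description To ASA outside (10.200.0.10 lives on this segment)
 ip address 10.200.0.1 255.255.255.0
 ip nat inside
!
! Ordinary hosts behind the CE still share the ISP-facing address (PAT/overload)
ip nat inside source list PAT-HOSTS interface GigabitEthernet0/0 overload
!
! The ASA outside address gets a dedicated one-to-one translation instead, so the
! translated IKE/ESP source stays fixed and inbound IKE from Site A reaches the ASA
ip nat inside source static 10.200.0.10 203.0.113.10
!
ip access-list extended PAT-HOSTS
 remark keep the ASA out of the overload pool; its static entry handles it
 deny   ip host 10.200.0.10 any
 permit ip 10.200.0.0 0.0.0.255 any
!
! Verification after bringing the tunnel up from Site A (peer 198.51.100.20):
! show ip nat translations | include 10.200.0.10
! should list 203.0.113.10 <-> 10.200.0.10 entries for UDP/500 and UDP/4500
```

On the Site A side the crypto map peer must then point at 203.0.113.10, not 10.200.0.10, and because the ASA's own IKE source address is being translated, NAT traversal (`crypto isakmp nat-traversal` on the ASA) should be enabled at both ends so ESP is carried in UDP/4500.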