Yes you can have remote to remote VPN communications. Your current setup has 2 tunnels one from each remote into the main location. The main location will have one ipsec with both remotes on it. For remote to remote the PEER addressing will be diferent so you will have to set up another tunnel on the remotes for remote to remote communications. Issue here is dynamic IP ? your getting dhcp from the ISP? is so the other option is. And I don't like this one. Is set up the main to allow remote to remote relay. You would need to add lines to the controlling access-list to permit remote 1 ip addressing to remote 2 ip addressing. And remote 2 to remote 1. Then add a static route at each remote pointing to the other through the main location. Also add this combination to the no-nat access-list so traffic remote to remote will not be nated like it was regular internet traffic. But all traffic from remote to remote will then be hairpined off of the main location. Increasing the load on the leased line.