VPN

How to set up a VPN correctly?

Hello. I have a problem and can't think of a solution.
There is a "building 1" and "building 2"
In building 1, a domain controller and a firewall that lets (or does not let) people on the Internet, file servers. Well, of course, working computers.
Subnet 192.168.0.0 with a mask of 255.255.128.0
There are several working computers in building 2. Subnet 192.168.241.0 with a mask of 255.255.255.0
VPN ipsec is configured between them through the subnet of the parent enterprise (10.0.0.0). Building 1 DSR-1000N. Building 2 DSR-150N. (long links)
Users from building 2 can easily see the domain controller and the entire subnet of building 1. From building 1, I have access to computers in building 2.
There is also an Exchange server on the subnet of the parent company, so users in building 2 go there without any VPN, since the same subnet is the WAN in the VPN routers.
But the firewall is connected to the domain controller via a different interface and is located on the 192.168.203.0 subnet and has an IP of 192.168.203.150.
How can I make sure that users in building 2 can use the internet? To do this, I need to direct all requests to external IPs to 192.168.203.150, and it is not included in the VPN subnet. Well, it’s clear that on the side of building 1 I am making a route that leads to a firewall, but I don’t know what to write on the side of building 2.
Described as best I could. I can draw a picture if needed. If the data is not enough, I will add. Help me to understand. Thank you.
Yes, you don’t even need a route to 192.168.203.150. You need a route to 192.168.1.1. This is a domain controller, it is also the default gateway for everyone in building 1, but I cannot specify it as the gateway in building 2 because of the VPN router.