Really this is not a IPsec VPN problem, VPN Itself working good because I see ICMP packets travels from one interface side to other interface side at the end of tunnel.
Yesterdat I'll figured it out because when I added NAT portfowarding rule on IPsec and virtual IP om MODEM interface for ICMP, then after commit I glad to see ping travel back on my admin pc station.
ICMP packets roadmap like below:
from 192.168.2.236 ping to 192.168.0.1 > echo request routed at 192.168.2.1 (pfSense gateway) under VPN tunnel.
from remote pfSense router VPN enpoint the echo request route to 192.168.0.1 but for a kind of behavior I dont'know the port fowarding nat rule translate ICMP ECHO request from 192.168.2.236 to 192.168.0.99 at the MODEM interface.
Packets ICMP ECHO request now will end to 192.168.0.1. and it will reply correctly sending ICMP ECHO reply back to 192.168.0.99.
So at this point pfSense router I guess made auto rule for NAT back the ICMP ECHO reply to my admin station 192.168.2.236 previously triggered by NAT portfowarding.
This works only with ICMP traffic type, TCP traffic not work ame as I described. I just decided to write new thread under NAT forum section for sekking to figure out enough about NAT LAN TO LAN translation for IP address, I guess to do with 1:! NAT But I'm not fully understand how it works at this time.
https://forum.pfsense.org/index.php?topic=139240.0
A side note, I unable to dump, (packet capture) the ICMP traffic under MODEM interace + NAT portfowarding rule. simply all left blank!! this is very strange for my opinion.