Just to provide some more detailed information.
After the VPN is connected as described, both from the pfSense server console and from any client in the LAN 10.0.0.0/24 I can access the Internet, being able to ping both the Zywall interface to which the pfSense WAN belongs (192.168.0.254) and any other site, such as google.it.
But when I try to ping one IP of the remote VPN side (172.16.16.122 for example), this does not work.
I managed to have this ping to the remove VPN client working only from within the pfSense console, after changing the "Local Network" settings in the IKE Phase 2 configuration, from "Local subnet" to "Network" with address "0.0.0.0/0".
It looks like there are still some kind of firewall issues preventing an IP in the subnet 10.0.0.0/24 to properly communicate throught he VPN.
I've already firewall rules completely open for WAN, LAN and IPSec. I've also noticed that there is an Automatic Outbound NAT generated, from the LAN subnet to the WAN IP of the pfSense (192.168.0.51).
What am I missing to have client-to-client VPN communication in place? Maybe some kind of port forwarding from the WAN to the LAN, for the IPSec ports?