If I understood correctly, you want 2 sites (which are not directly connected to each other) to use your main office as a "hop" to get connected?
If that's the case, it is a routing problem. BranchA doesn't know that it has to route traffic intended for BranchB through your main office. Since you cannot really add static routes that play with IPsec, the solution is to add another Phase2 at BranchA and BranchB (and the main office, of course) which connects the opposite site subnet.
Example: let's say main office is 192.168.0.0/24, BranchA is 192.168.1.0/24 and BranchB is 192.168.2.0/24.
On BranchA you add a Phase2 that reads:
Local Subnet: 192.168.1.0/24
Remote Subnet: 192.168.2.0/24
Same (but opposite) on BranchB and main office. You would need as many Phase2's as sites you want connected.
After that it should work. Some time ago I had the same problem and solved it in this way.
Whether or not you can add another Phase2 on the Netgear firewalls is a different story. You could also solve this by using NAT before IPsec (which should be available on 2.1, haven't tested it yet), but you won't have fully transparent connectivity.
Regards!
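
The layout described in the post above, as an added example that is not part of the original post: a Python sketch that derives the Phase 2 local/remote pairs each tunnel end needs in a hub-and-spoke setup and reports which ends have no selector matching a given spoke-to-spoke flow. The subnets are the ones from the post's example; the site labels, function names and sample host addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed sample topology, using the subnets from the post's example.
HUB = "main"
SITES = {
    "main": "192.168.0.0/24",
    "BranchA": "192.168.1.0/24",
    "BranchB": "192.168.2.0/24",
}

def required_phase2(sites, hub, spoke_to_spoke=True):
    """Return {(gateway, peer): {(local_net, remote_net), ...}} per tunnel end."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    spokes = [s for s in sites if s != hub]
    p2 = {}
    for spoke in spokes:
        # The entries that already exist: spoke subnet <-> hub subnet.
        p2.setdefault((spoke, hub), set()).add((nets[spoke], nets[hub]))
        p2.setdefault((hub, spoke), set()).add((nets[hub], nets[spoke]))
    if spoke_to_spoke:
        for a, b in permutations(spokes, 2):
            # Extra entry on spoke a: its own subnet to the other spoke's subnet.
            p2[(a, hub)].add((nets[a], nets[b]))
            # Mirror on the hub's tunnel to a: "local" is the other spoke's subnet.
            p2[(hub, a)].add((nets[b], nets[a]))
    return p2

def missing_hops(p2, hub, src_site, dst_site, src_ip, dst_ip):
    """List tunnel ends with no selector matching src_ip -> dst_ip via the hub."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # (gateway, peer, address expected in local net, address expected in remote net)
    hops = [(src_site, hub, src, dst), (hub, src_site, dst, src),
            (hub, dst_site, src, dst), (dst_site, hub, dst, src)]
    return [(gw, peer) for gw, peer, local, remote in hops
            if not any(local in l and remote in r
                       for l, r in p2.get((gw, peer), ()))]

if __name__ == "__main__":
    for (gw, peer), selectors in sorted(required_phase2(SITES, HUB).items()):
        for local, remote in sorted(selectors):
            print(f"{gw} -> {peer}: Local Subnet {local}, Remote Subnet {remote}")
```

With only the original spoke-to-hub entries (`spoke_to_spoke=False`), `missing_hops` returns all four tunnel ends for a BranchA to BranchB flow, which is the failure the post describes.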