Sorry I didn't realize Zywall 2x is offsite...bummer. If 2x's WAN interface is DHCP client, plug it into the switch, it will pull an IP, then you can access it that way. Should work since firewall is disabled.
DMZ+ would assign public IP to your 2x's WAN interface. So the LAN interface on your 2x(192.168.2.2) would need that second connection or it would not be connected to your customers main LAN subnet, 192.168.2.0
Bridging 2701hg would be a somewhat neater solution to work around the IPSEC passthru limitations (pretty sure thats the problem here)