Hello,
I assume the 10.2.16.0/24 network is on the Lancom side.
Add this 10.2.16.0/24 network on the Lancom as a local network, then add this same network on RUT950 to 'remote networks' to match. This way, IPSec will know that there are two remote networks available via IPSec.
However, each network requires a separate SA. So for this to work, you also need to enable Compatibility mode on RUT950 in IPSec -> Connection settings -> Advanced settings.
Kind Regards,
Andzej