IPSec VPN same-subnet communication

First, the network scenario:
Two Fortinet firewalls, a 201E and an 80C, are deployed at the egress of two networks. Both networks assign addresses from the same segment, 192.168.1.0/24, to their Internet users, so the two subnets overlap.
I would like to connect the networks at both ends through a VPN tunnel so that users on the 201E network can access the server resource behind the 80C: 192.168.1.111.
Second, the configuration steps:
1, Establish the IPsec tunnel (the IPsec tunnel needs no special configuration, so it is not explained here)
It is recommended to set the interesting traffic to 0.0.0.0/0 and to steer traffic into the VPN tunnel by routing.
2, 80C side configuration
1) Configure the VIP mapping policy
Map the 172.16.1.0 network segment to the real network segment. To avoid address conflicts, a full mapping is used this time.
2) Configure Route
3) Configuration Policy
3, 201E side configuration
1) Configure a route to the VIP address segment 172.16.1.0/24
2) Configure the IP address pool 192.168.2.1, to be referenced by the policy
3) Configure the policy, with SNAT to 192.168.2.1

Third, test results:
To test reachability of the remote server 192.168.1.111 with ping, the address that actually has to be pinged is 172.16.1.111.

Traffic on the 201E:
The host source address 192.168.1.110 is translated into 192.168.2.1.
Traffic on the 80C:
The traffic matches the VIP mapping rule, 172.16.1.111 is translated into the real IP address 192.168.1.111, and communication with the server is achieved.
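
The two translations traced in the test results above, as an added Python model (not part of the original post and not firewall configuration). It reproduces the SNAT on the 201E and the full VIP mapping on the 80C, and shows why pinging 192.168.1.111 directly, or omitting the SNAT, fails; the function names and the simplified on-link check are assumptions of this sketch.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")     # same segment at both sites (from the page)
VIP_NET = ipaddress.ip_network("172.16.1.0/24")  # VIP segment on the 80C (from the page)
SNAT_IP = ipaddress.ip_address("192.168.2.1")    # IP pool on the 201E (from the page)


def map_full(addr, src_net, dst_net):
    """Full (1:1) segment mapping: keep the host part, swap the network part."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset


def forward(src, dst, snat=True):
    """Return (src, dst) as the server behind the 80C sees the packet, or None."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if dst in LAN:
        # The client treats the destination as on-link, so the packet
        # never reaches the 201E and never enters the tunnel.
        return None
    if snat:
        src = SNAT_IP                      # 201E: policy with the IP pool
    dst = map_full(dst, VIP_NET, LAN)      # 80C: VIP to real server address
    return src, dst


def reply_returns_via_tunnel(seen_src):
    """The server hands the reply to its gateway only if the peer is off-link."""
    return ipaddress.ip_address(seen_src) not in LAN


if __name__ == "__main__":
    for snat in (True, False):
        src, dst = forward("192.168.1.110", "172.16.1.111", snat=snat)
        print(f"snat={snat}: server sees {src} -> {dst}, "
              f"reply via tunnel: {reply_returns_via_tunnel(src)}")
    print("direct ping to 192.168.1.111:",
          forward("192.168.1.110", "192.168.1.111"))
```
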

Origin blog.51cto.com/9268128/2411187