I configured an IPsec VPN over Palo Alto Networks (site A) and a FortiGate (site B). On site B I had to configure a 1:1 NAT and a VIP to avoid overlapping with site A. The VPN and the NAT work perfectly.
On the LAN of site B I get duplicate IPs on the Windows Server when I assign a static IP from the NAT network (VIP network).
Well, as the MS document says, for the application you're using NAT is not allowed, while you set up NAT against that condition. The only option seems to be to make the subnets unique across locations to remove NAT. No way around it.