Hi,
this is the worst case when connecting 2 remote subnets.
In principle you can destination NAT outgoing traffic (VIP) and source NAT incoming (IP pool) in one policy, and vice versa in the other. But that is a little bit clumsy.
In your case, you could make your life easier with subnetting. Instead of a /24 network mask, you could use a /25 mask like 192.168.x.0/25 (HO) and 192.68.x.128/25 (remote). Note that you lose access to IPs .90-.127 on the branch side. And it takes some effort on the network clients as well.
You can find a detailed example for double NATting in the FortiOS Handbook, and maybe in the Cookbook as well (both on docs.fortinet.com). There are several KB articles on this subject as well.
Ede
"Kernel panic: Aiee, killing interrupt handler!"