Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rharms_tarc
New Contributor

Method to Determine Route Prior to DNAT

Working on a project that is going to involve around 150 site-to-site IPsec tunnels. Near end is a FortiGate 300E. Remote ends are Digi TX64 cellular routers installed on transit buses.

IPsec setup is straightforward enough. The issue is all of the buses use identical numbering schemes on a 192.168.x.0/24 network. In other words, the same device on every bus will be 192.168.x.100.  Because of the way the Digi routers handle NAT configuration, it is highly preferable to handle all of the required NAT operations on the FortiGate end.

SNAT for the traffic coming into the FortiGate works well enough: 192.168.x.100 becomes 10.x.x.100 and goes on to its destination on the internal network according to a flow trace. The problem I'm up against is the response packets from the internal server get back to the FortiGate, DNAT converts them back to 192.168.x.0 addresses, and then the FortiGate doesn't know how to route them.

We do have a route configured on the FortiGate that encompasses that 192.168.x.0/24 subnet and points back into our internal network, which obviously is the wrong direction. But, even if I overcome that, I've still got the issue of having 150 identical 192.168.x.0 subnets needing to be routed out specific VPN tunnels. Basically, I need a way to route based on the 10.x.x.x addresses that the packets are using prior to DNAT.

Toshi_Esumi
SuperUser

That's why I suggested you have to have 192.168.x.0/24 static route to all your 150 VPNs in your previous post. Without those routes, the FGT would never accept packets from the other end of the tunnels because there is no route back to the sources.

Toshi
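The following is an added example, not code from either post and not from Fortinet. It models the situation described in the question (identical 192.168.x.0/24 LANs on every bus, translated on the FortiGate to a unique 10.x.y.0/24 per tunnel) to show why a routing decision keyed on the pre-DNAT 10.x.y.z address is unambiguous while one keyed on the restored 192.168.x.z address matches every tunnel, and it renders the per-tunnel 192.168.x.0/24 static routes the reply refers to in FortiOS CLI layout. The tunnel names, the 10.100.0.0/16 allocation scheme and the sample host 192.168.1.100 are assumptions for illustration.

```python
"""
Added example (not from the forum thread or from Fortinet): a model of overlapping
bus LANs behind 150 IPsec tunnels, the per-tunnel SNAT to a unique 10.x.y.0/24, and
the reverse lookup that identifies the egress tunnel from the still-translated address.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: every bus uses this exact LAN, so the prefix alone cannot identify a bus.
BUS_LAN = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Tunnel:
    name: str                        # IPsec phase1-interface name (assumed naming)
    mapped: ipaddress.IPv4Network    # unique 10.x.y.0/24 this bus's LAN is translated to
    lan: ipaddress.IPv4Network = BUS_LAN  # the bus-side LAN, identical on every tunnel


def allocate(count: int, base: str = "10.100.0.0/16") -> List[Tunnel]:
    """Carve one unique /24 out of `base` per tunnel (assumed allocation scheme):
    bus001 -> 10.100.1.0/24, bus002 -> 10.100.2.0/24, ..."""
    subnets = list(ipaddress.ip_network(base).subnets(new_prefix=24))
    if count >= len(subnets):
        raise ValueError(f"{base} holds only {len(subnets) - 1} usable /24s, need {count}")
    return [Tunnel(f"bus{i:03d}", subnets[i]) for i in range(1, count + 1)]


def snat_inbound(tunnel: Tunnel, src: str) -> ipaddress.IPv4Address:
    """Inbound SNAT: keep the host part, swap the network part for the tunnel's /24,
    so 192.168.1.100 arriving via bus007 becomes 10.100.7.100."""
    addr = ipaddress.ip_address(src)
    if addr not in tunnel.lan:
        raise ValueError(f"{addr} is outside the bus LAN {tunnel.lan}")
    host = int(addr) - int(tunnel.lan.network_address)
    return tunnel.mapped.network_address + host


def undo_snat(tunnels: List[Tunnel], dst: str) -> Optional[Tuple[Tunnel, ipaddress.IPv4Address]]:
    """Reply direction. Each 10.x.y.0/24 belongs to exactly one tunnel, so the
    pre-DNAT destination identifies the egress tunnel; the original 192.168.1.z is
    restored only after that decision, so routing never sees the ambiguous prefix."""
    addr = ipaddress.ip_address(dst)
    owners = [t for t in tunnels if addr in t.mapped]
    if len(owners) != 1:
        return None
    tunnel = owners[0]
    host = int(addr) - int(tunnel.mapped.network_address)
    return tunnel, tunnel.lan.network_address + host


def candidates_after_dnat(tunnels: List[Tunnel], dst: str) -> List[str]:
    """Tunnels whose LAN contains a destination that has already been translated
    back to 192.168.1.z: with identical LANs this is every tunnel, which is the
    routing problem the question describes."""
    addr = ipaddress.ip_address(dst)
    return [t.name for t in tunnels if addr in t.lan]


def static_routes(tunnels: List[Tunnel]) -> str:
    """Render the per-tunnel 192.168.x.0/24 static routes the reply mentions, in
    FortiOS CLI layout (`edit 0` lets the FortiGate assign the next free entry id)."""
    lines = ["config router static"]
    for t in tunnels:
        lines += ["    edit 0",
                  f"        set dst {t.lan.network_address} {t.lan.netmask}",
                  f'        set device "{t.name}"',
                  "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    fleet = allocate(150)
    bus7 = fleet[6]
    translated = snat_inbound(bus7, "192.168.1.100")          # constructed sample packet
    print("inbound :", "192.168.1.100 via", bus7.name, "->", translated)
    egress, original = undo_snat(fleet, str(translated))
    print("reply   :", translated, "-> tunnel", egress.name, "as", original)
    print("after DNAT the prefix matches", len(candidates_after_dnat(fleet, str(original))), "tunnels")
    print(static_routes(fleet[:2]))
```

The model keeps the mapping from each unique 10.x.y.0/24 back to its tunnel, which is exactly the information that is lost once DNAT has rewritten the destination to the shared 192.168.x.0/24 prefix; whatever mechanism the FortiGate ends up using, the egress decision has to be made from (or remembered alongside) the translated address.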
