IPSec NAT Address conflict

We have a situation where we need to connect via IPSec to a site that has a conflicting address range with our green network.

For this reason, we need to implement some NAT rules to rewrite the source and destination addresses when traffic crosses the tunnel. It is not unlike this example from StrongSwan: https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/

I think I have my brain wrapped around it, but I don’t know where to put the rules in order to get them to have the right effect.

Our LAN is (that includes Blue and Green) and the remote side is using. to reach us.

Any help would be appreciated.