Have done this before
Head Office - Check Point - EncDom = Its Local Networks
Site A - unknown vendor but interoperable device
Site B - unknown vendor but interoperable device
To allow Site A to send to Site B, all that I had to do was:
Central - Head Office
Satellites - Site A and Site B
VPN Routing - Allow to Centre and Satellites
If Site A and Site B overlap then would need to be NATting at the location as could not have Site A and Site B seen the same at the Head Office. It would not know which Gateway to go to.
So would expect that Site A Enc Domain is actually the NATed IP for Site A and that Site B Enc Domain is the NATed IP for Site B, the NAT being done at Site A and Site B boxes, i.e. they are seen as just the NAT address by the other locations.
Site A and Site B have to be configured to send traffic for each other over the VPN to the Head Office. How to do that will depend upon what boxes they are.
So from Site A then traffic would look like
Network A to Network B NAT, as traffic leaves for Network B NAT then Translate the Source at Site A to be Network A NAT. Encrypt into the VPN tunnel to Head Office.
Traffic arrives as Network A NAT, which it sees as being from Site A, and destined for Site B NAT, which it sees as going to Site B, and so routes over using the VPN Routing in the VPN Community.
Traffic arrives at Site B from Network A NAT to Network B NAT and translates the destination to be Network B.
Is how I would configure this.
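
The packet walk described in the post above, modelled as an added example (not the poster's configuration and not Check Point code). Assumptions: all subnets are constructed sample values, both sites share the same real subnet, and each site does static 1:1 NAT into its own unique range.

```python
import ipaddress as ip

# Constructed addressing (assumption, not from the post): both sites use the
# same real subnet, and each site presents a unique NAT range to the VPN.
REAL = ip.ip_network("192.168.1.0/24")
NAT_A = ip.ip_network("10.1.1.0/24")
NAT_B = ip.ip_network("10.2.2.0/24")

def remap(addr, src_net, dst_net):
    """Static 1:1 NAT: keep the host bits, swap the network prefix."""
    a = ip.ip_address(addr)
    if a not in src_net:
        return str(a)
    return str(dst_net[int(a) - int(src_net.network_address)])

def hub_next_gateway(addr, enc_domains):
    """Head Office lookup: which satellite's encryption domain holds addr?"""
    hits = [gw for gw, net in enc_domains.items() if ip.ip_address(addr) in net]
    if len(hits) != 1:
        raise LookupError(f"{addr} matches {hits or 'no gateway'}")
    return hits[0]

def walk_a_to_b(src_real, dst_nat):
    """Follow one packet Site A -> Head Office -> Site B."""
    domains = {"SiteA": NAT_A, "SiteB": NAT_B}
    # Site A: translate the source to Network A NAT, then encrypt to Head Office.
    src = remap(src_real, REAL, NAT_A)
    hops = [("SiteA out", src, dst_nat)]
    # Head Office: source must sit in Site A's domain, destination picks the peer.
    if hub_next_gateway(src, domains) != "SiteA":
        raise LookupError(f"{src} is not in Site A's encryption domain")
    gw = hub_next_gateway(dst_nat, domains)
    hops.append((f"HeadOffice -> {gw}", src, dst_nat))
    # Site B: translate the destination back to the real Network B address.
    hops.append(("SiteB in", src, remap(dst_nat, NAT_B, REAL)))
    return hops

if __name__ == "__main__":
    for hop in walk_a_to_b("192.168.1.10", "10.2.2.20"):
        print(hop)
    try:  # Without NAT both satellites present the same encryption domain.
        hub_next_gateway("192.168.1.20", {"SiteA": REAL, "SiteB": REAL})
    except LookupError as e:
        print("ambiguous:", e)
```
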