Your NAT configuration should reflect the intended use:
I.e. will you be accessing peer's resources via this VPN? If so, you can use many to one (hide NAT). I would suggest to hide behind single host, but define same host's IP as another Network Object with /32 mask and use it in your Encryption domain. Some vendors are partial to the idea of establishing tunnels to hosts, instead of between subnet pairs.
Where "NAT_For_VPN_Host" IP is the same as the /32 network you'll include in your Encryption Domain.
If your peer's clients will be connecting to you, you'll have to actually create manual NAT rules for each of your internal resources, something like this:
With NATed_Server IP being in the range of the subnet you have included in your encryption domain and the Local_Server being actual IP of your resource.
Place these NAT rules on top of your NAT policy to avoid interference with other rules that may-be using same sources.
Cheers,
Vladimir