Found this
"If there is a static nat with a dest of any then it will perform the source nat even when the traffic is going across the VPN as that will match any.
If the VPN is configured so that both ends expect to see the physical IP of the boxes on the subnets at both ends then if you nat the source then the far end will say that shouldn't have been decrypted as it is not part of what it sees as the encryption domain of the sending gateway.
As the NAT is performed at the gateway then you can send what you like specifying the src IP on the host sending from as if that src has a NAT applied then it will apply the NAt which is exactly what is happening.
Disable NAT inside community applies to ALL nat both Hide and Static.
What you are getting is correct behaviour for your configuration, as by Disabling NAT inside community then it creates an implied NAT rule that prevents the static and hide nats whether then manual or automatic from taking place by being inserted at the top of the NAT rules.
If you uncheck the Disable NAT in the community then the NAT rules will be applied, and the traffic fails to pass correctly as it does not receive at the far end what it expects to see."
Alternatively create a NAT rule above rule 11 which is more specific to your needs, example:
Rule ID: 10
SRC: VLAN24
DST: Remote encryption domain DSTs (I assume you have a group or network object for this)
---
SRC: Original
DST: Original