Hi,
You have one subnet 10.1.1.0/24 behind the 5GT which already exists on some other site. So you need to source all your traffic from a different subnet, e.g. 10.0.2.0/24.
Below will Source NAT the VPN traffic:
set interface "tunnel.2" mip 10.0.2.0 host 10.1.1.0 netmask 255.255.255.0 vr "trust-vr"
Need to set the policy for the VPN traffic only:
set policy from "<tunnel interface zone>" to "Trust" "any" "MIP(10.0.2.0/24)" "ANY" permit
Now, if you are using any proxy-ID config then you need to use 10.0.2.0/24 (local to 5GT) and remote same 172.x.x.x subnets. And users from 172.x.x.x subnet should send the traffic to 10.0.2.0/24 subnet and let firewall do the NATting, they need to send traffic direct to 10.1.1.0/24 subnet anymore.
Thanks,
Vikas
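
The 1:1 subnet mapping that the MIP in the reply above performs, as an added Python example (not part of the original post and not ScreenOS code): it translates an address between 10.0.2.0/24 and 10.1.1.0/24 and checks a candidate translated subnet against subnets already in use. The function names and the `OTHER_SITES` table are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the post only says 10.1.1.0/24 is already used elsewhere.
OTHER_SITES = {"other site": "10.1.1.0/24"}

def mip_translate(addr, from_net, to_net):
    """Map addr 1:1 from from_net into to_net, keeping the host offset."""
    from_net = ipaddress.ip_network(from_net)
    to_net = ipaddress.ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("subnet-to-subnet mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{ip} is outside {from_net}")
    offset = int(ip) - int(from_net.network_address)
    return str(to_net.network_address + offset)

def check_nat_plan(real_net, mip_net, other_nets):
    """Return a list of problems with a proposed translated (MIP) subnet."""
    real = ipaddress.ip_network(real_net)
    mip = ipaddress.ip_network(mip_net)
    problems = []
    if real.prefixlen != mip.prefixlen:
        problems.append(f"{mip} and {real} differ in size")
    for name, net in other_nets.items():
        if mip.overlaps(ipaddress.ip_network(net)):
            problems.append(f"{mip} overlaps {name} ({net})")
    return problems

if __name__ == "__main__":
    # Inbound over the tunnel: destination 10.0.2.25 becomes real host 10.1.1.25.
    print(mip_translate("10.0.2.25", "10.0.2.0/24", "10.1.1.0/24"))
    # Outbound: real source 10.1.1.25 appears to the peer as 10.0.2.25.
    print(mip_translate("10.1.1.25", "10.1.1.0/24", "10.0.2.0/24"))
    # The subnet chosen in the reply is clean; a constructed bad choice is not.
    print(check_nat_plan("10.1.1.0/24", "10.0.2.0/24", OTHER_SITES))
    print(check_nat_plan("10.1.1.0/24", "10.1.0.0/23", OTHER_SITES))
```
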