Thanks for the help on this. So I was able to get it going somewhat. I disabled the old tunnel for now and built a route-based tunnel and added this:
set interface tunnel.4 ip unnumbered interface untrust
set interface "tunnel.4" mip 10.2.1.0 host 10.1.1.0 netmask 255.255.255.0 vrouter "trust-vr"
set policy id 20 from "Untrust" to "Trust" "172.27.175.0/24" "MIP(10.2.1.0/24)" "ANY" permit
set policy id 19 from "Trust" to "Untrust" "10.1.1.0/24" "172.27.175.0/24" "ANY" permit
set vpn "VPN for 172.27.175.0/24" proxy-id local-ip 10.2.1.0/24 remote-ip 172.27.175.0/24 "ANY"
set route 172.27.175.0/24 interface tunnel.4
From the 172.27.175.0/24 network I'm at least able to ping a device on 10.1.1.0/24 (by using its 10.2.1.0/24 address). But in the opposite direction, from 10.1.1.0/24, I'm not able to get anything, and if I do a packet capture on the far end device I'm not seeing any packets. Did I miss something for the outbound NAT?