Yes, using source routing does send all the traffic down the tunnel. I missed the need for the SQL servers to route outside the tunnel.
For policies, you will need to create at least two:
untrust to trust for the access needed from remote site devices to local devices at the hub site
untrust to untrust with interface NAT enabled for the remote site subnet to the internet for internet access
You can confirm exactly what you need by looking at your trust to trust policy logs for the remote subnet on your current setup. If you enable logging on this policy, you should be able to observe the traffic patterns.