Otherwise the traffic won't be encapsulated into the tunnel as it doesn't match the tunnel definition.
Hmm, are you totally sure about this? I don't have any positive contrary evidence, but I successfully run an IPsec VPN like this:

Local Net        Remote Net
172.16.0.0/22    172.16.2.0/24

Even though the remote net is technically a subnet of the local net, I have had this work without issue. Note: it was not totally intentional originally.
The next step:
-------------------
If one expanded this into:

Local Net        Remote Net
172.16.0.0/22    172.16.1.0/24
172.16.0.0/22    172.16.2.0/24
172.16.0.0/22    172.16.3.0/24

Now you can send traffic bound from each remote net to another via the local net.
This will work. Nobody said it wouldn't. If you can sum up your networks this way it will work. I have a 10-location setup running this way, with 8 of the locations coming from dynamic IPs. The thing you can't do is add a static route across the tunnel.
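To make the selector discussion above concrete, here is an added example (my own toy model, not code from anyone in this thread or from any IPsec implementation). It models a policy-based SPD on the hub with the three selector pairs posted above and answers the two questions the thread raises: does hub-to-spoke traffic match when the remote /24 sits inside the local /22, and does spoke-to-spoke traffic hairpin through the hub. Assumptions, mine rather than the thread's: first-match lookup on source and destination address only (no ports or protocol), outbound match means src in local and dst in remote, inbound match after decryption is the reverse, and a packet matching no policy leaves unencapsulated. That last case is the security-relevant one: with policy-based IPsec a destination outside every selector is not dropped, it is sent in the clear, so a real deployment wants a trailing discard policy or a firewall rule behind the SPD.

```python
"""Toy model of a policy-based IPsec SPD (added example, not from the thread).

Assumptions: first-match lookup on addresses only; outbound match = src in
local AND dst in remote; inbound match = src in remote AND dst in local.
The CIDRs are the ones posted in the thread. A packet that matches no
policy is returned as None, meaning it would leave in cleartext.
"""
import ipaddress
from typing import List, Optional, Tuple

Policy = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]  # (local, remote)


def build_spd(pairs: List[Tuple[str, str]]) -> List[Policy]:
    """Turn (local, remote) CIDR strings into an SPD, most specific remote first.

    The ordering is an assumption: it makes a /24 win over a wider /22 if
    someone later adds an overlapping catch-all policy.
    """
    spd = [(ipaddress.ip_network(loc), ipaddress.ip_network(rem)) for loc, rem in pairs]
    return sorted(spd, key=lambda p: p[1].prefixlen, reverse=True)


def outbound_policy(spd: List[Policy], src: str, dst: str) -> Optional[str]:
    """Return the remote selector (as a string) of the first policy matching an
    outbound packet, or None when no selector matches and the packet would be
    sent unencapsulated."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in local and d in remote:
            return str(remote)
    return None


def inbound_policy(spd: List[Policy], src: str, dst: str) -> Optional[str]:
    """Return the remote selector of the policy that accepts a decrypted
    inbound packet; selectors apply in reverse (src in remote, dst in local)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in remote and d in local:
            return str(remote)
    return None


def hairpin(spd: List[Policy], src: str, dst: str) -> Optional[Tuple[str, str]]:
    """Trace spoke-to-spoke traffic through the hub.

    The packet must be accepted inbound on the SA it arrived over, then be
    re-matched outbound toward the destination spoke. Returns
    (ingress selector, egress selector), or None if either step fails.
    """
    ingress = inbound_policy(spd, src, dst)
    egress = outbound_policy(spd, src, dst)
    if ingress is None or egress is None:
        return None
    return ingress, egress


# Constructed hub SPD using the thread's addresses: the local net is the /22
# supernet and each spoke's /24 is a remote selector that lies inside it.
HUB_SPD = build_spd([
    ("172.16.0.0/22", "172.16.1.0/24"),
    ("172.16.0.0/22", "172.16.2.0/24"),
    ("172.16.0.0/22", "172.16.3.0/24"),
])


if __name__ == "__main__":
    # Hub host to spoke 2: matches even though 172.16.2.0/24 is inside 172.16.0.0/22.
    print("hub -> spoke 2:", outbound_policy(HUB_SPD, "172.16.0.10", "172.16.2.5"))
    # Spoke 1 to spoke 3: accepted on spoke 1's SA, re-encapsulated toward spoke 3.
    print("spoke 1 -> spoke 3 via hub:", hairpin(HUB_SPD, "172.16.1.7", "172.16.3.9"))
    # Nothing covers 172.16.4.0/24: this packet would leave the hub in cleartext.
    print("hub -> 172.16.4.1:", outbound_policy(HUB_SPD, "172.16.0.10", "172.16.4.1"))
```

The hairpin works because the spoke-1 source address 172.16.1.7 is inside the hub's local selector 172.16.0.0/22, so after decryption the hub's own outbound lookup matches it against the spoke-3 policy. It is also why a static route across the tunnel does nothing here: in this model the selectors, not the routing table, decide what gets encapsulated.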