You could also do this by supernetting the phase 2 if your local/remote networks are all within a non-overlapping range.
In your example you could use 192.168.4.0/22 (192.168.4.0 <-> 192.168.7.255) for your local subnet on the phase 2, and 192.168.8.0/21 (192.168.8.0 <-> 192.168.15.255) for the remote subnet on the IPsec tunnel.
You would then just create firewall rules at the IPsec level to govern the /24 subnets within those networks and how they talk to each other.
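The sizing check described above, as an added example that is not part of the original post: it computes the smallest supernet covering each side, confirms the two supernets do not overlap, and lists the ranges the wider phase 2 selector admits that were never in use, which are the ones the IPsec firewall rules have to block. The /24 lists and the function names are constructed for illustration.

```python
import ipaddress

def covering_supernet(subnets):
    """Smallest single network that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one prefix bit
    return candidate

def unlisted_ranges(supernet, subnets):
    """Ranges inside the supernet that none of the listed subnets use."""
    remaining = [supernet]
    for s in map(ipaddress.ip_network, subnets):
        nxt = []
        for piece in remaining:
            if s.subnet_of(piece):
                nxt.extend(piece.address_exclude(s))  # carve s out of piece
            elif not piece.subnet_of(s):
                nxt.append(piece)                     # untouched by s
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))

def plan_phase2(local, remote):
    """Supernet selectors for one phase 2 entry, plus what they over-admit."""
    lsup, rsup = covering_supernet(local), covering_supernet(remote)
    return {
        "local": lsup,
        "remote": rsup,
        "overlap": lsup.overlaps(rsup),  # True means supernetting is unsafe
        "extra_local": unlisted_ranges(lsup, local),
        "extra_remote": unlisted_ranges(rsup, remote),
    }

# Constructed sample /24s (not taken from the thread).
LOCAL = ["192.168.4.0/24", "192.168.5.0/24", "192.168.7.0/24"]
REMOTE = ["192.168.8.0/24", "192.168.12.0/24", "192.168.15.0/24"]

if __name__ == "__main__":
    p = plan_phase2(LOCAL, REMOTE)
    print("phase 2 local :", p["local"])
    print("phase 2 remote:", p["remote"])
    print("overlap       :", p["overlap"])
    for side in ("extra_local", "extra_remote"):
        for net in p[side]:
            print(f"block in IPsec rules ({side}): {net}")
```

If `overlap` is true, the two sides cannot share a single supernetted phase 2 and need separate entries per subnet pair.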