this is the topology i have added 172.10.100.27 in ACL so in return traffic routed through VPN tunnel

system B should be transparent and I don't want other office send traffic to system B directly (172.10.100.27) 

the remote office should not know about system B in middle,

the normal traffic flow from remote office host IP sends traffic to system A using IPsec Tunnel, and know i need to proxy all traffic and should be handled by system B (works as proxy system)

and in future in case system B removed change will be in my site and easy to recover normal traffic flow

the traffic is SMPP,  i just want redirecting traffic and allowed changes only in FW

when i used NAT the packet received from remote office (source IP 193.10.10.10 destination IP 192.168.10.30) and once entered the fw NAT applied so packet became (source IP 193.10.10.10 destination IP 172.10.100.27) so based on routing sent to system B

then system B handled the traffic and sent directly to system A with following details (source IP 172.10.100.27 destination IP 192.168.10.30) then System A reply to B (system B can correlate replay of any request) then B sent this reply to real source which is remote office with packet (source IP 172.10.100.27 destination IP 193.10.10.10) and sent directly to FW 

and based on ACL (source IP 172.10.100.27 destination IP 193.10.10.10) this packet encapsulated and SPI assigned (SPI of 172.10.100.27 subnet)

the issue occured after NAT where source IP changed and packet became ( source IP 192.168.10.30 destination IP 193.10.10.10 with SPI related to 172.10.100.27)  so in the other side (remote office ) error message dispalyed as below:

The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 193.10.10.10, its source as 192.168.10.30, and its protocol as icmp. The SA specifies its local proxy as 193.10.10.10/255.255.255.255/ip/0  and its remote_proxy as 172.10.100.0/255.255.255.224/ip/0.