Yes is the short answer, I have done it before and it can be a bit of a pain. I have attached a link to a document that Cisco host and it has a pretty good basic example of configuration although it does not take internet access into consideration.
The important thing to note is that IP addresses do indeed need to be unique, if they are not then essentially you are finding away to disguise them using NAT before the encryption process take place. Its also worth bearing in mind that whilst this works for the IP layer you still have to consider the affects on DNS.
Here is the document: Configuring an IPSec Tunnel Between Routers with Duplicate LAN Subnets
Please feel free to ask anymore questions.
Discuss This Question: