How to raise an IPSec Site to Site network through public IP addresses?
Hello everyone, I'm trying to raise an IPSec site-to-site network through public IP addresses.
I have multiple servers and two subnets with multiple addresses.
The first subnet is 11.11.11.2-10/24:
server 10: billing - 11.11.11.3
server 11: web - 11.11.11.4
server 12: RouterOS CHR - 11.11.11.5. The servers are not connected through this router in any way; it is only for IPSec.
The second subnet is 22.22.22.10-15/24:
server 20: web - 22.22.22.10
server 21: RouterOS CHR - 22.22.22.11. The servers are not connected through this router in any way; it is only for IPSec.
The thing is, when the IPSec connection comes up and I see active connections in Active Peers and Installed SAs, the server does not ping. But if we use local addresses like 10.1.0.0/24 instead of public addresses, everything works. In Firewall NAT I also configured src=0.0.0.0/0 dst=11.11.11.0/24, and the same in the other subnet, but the servers themselves, when accessing different services, do not go through IPSec.
Maybe someone can help. There is an idea to route the servers' network through the router, so that the servers have gateway=11.11.11.5, but I have not tried it yet.
There is no routing in IPSec; it is replaced by policies. Traffic will go wherever you write policies for it. But the policy cannot include the gateway itself, because packets are transmitted through it, so a policy will have to be written for each IP separately. If you want to avoid such a hassle, use RFC1918 addresses for servers behind the gateway.
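As an added illustration of the per-host policy approach described in the answer above (this is not configuration from the question author or from MikroTik documentation), the following RouterOS v6.43+ style commands show how site A (CHR 11.11.11.5) could express the tunnel with one policy per server rather than one per subnet. The peer name `site-b`, the pre-shared-key placeholder, the use of the `default` profile and proposal, and the NAT-bypass rule are all assumptions; the addresses are the ones from the question. Note that the gateway 11.11.11.5 is deliberately absent from any policy, and that the servers must actually send their traffic to 11.11.11.5 (the "gateway=11.11.11.5" idea from the question) for these policies to ever match.

```routeros
# --- Site A: RouterOS CHR at 11.11.11.5 (added example, not the original config) ---

# Peer and identity for the remote CHR at 22.22.22.11.
# "site-b" and the secret placeholder are assumed names/values.
/ip ipsec peer add name=site-b address=22.22.22.11/32 exchange-mode=ike2 profile=default
/ip ipsec identity add peer=site-b auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-SECRET"

# One policy per protected host, as the answer says.
# The gateway 11.11.11.5 is NOT listed: packets to/from it are carried by the tunnel itself.
/ip ipsec policy add peer=site-b tunnel=yes action=encrypt level=require proposal=default \
    src-address=11.11.11.3/32 dst-address=22.22.22.10/32 comment="billing -> site-b web"
/ip ipsec policy add peer=site-b tunnel=yes action=encrypt level=require proposal=default \
    src-address=11.11.11.4/32 dst-address=22.22.22.10/32 comment="web -> site-b web"

# Keep source NAT from rewriting tunnel traffic before the policy matches:
# an "accept" rule placed before any masquerade/src-nat rule (assumed rule layout).
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=11.11.11.0/24 dst-address=22.22.22.0/24 comment="bypass NAT for IPsec traffic"

# --- Site B: RouterOS CHR at 22.22.22.11 (mirror image) ---

/ip ipsec peer add name=site-a address=11.11.11.5/32 exchange-mode=ike2 profile=default
/ip ipsec identity add peer=site-a auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-SECRET"

# Policies must be the exact mirror of site A's, host by host, or the SA selectors will not agree.
/ip ipsec policy add peer=site-a tunnel=yes action=encrypt level=require proposal=default \
    src-address=22.22.22.10/32 dst-address=11.11.11.3/32 comment="web -> site-a billing"
/ip ipsec policy add peer=site-a tunnel=yes action=encrypt level=require proposal=default \
    src-address=22.22.22.10/32 dst-address=11.11.11.4/32 comment="web -> site-a web"

/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=22.22.22.0/24 dst-address=11.11.11.0/24 comment="bypass NAT for IPsec traffic"
```

After applying this, `/ip ipsec policy print` on each CHR should show the per-host policies with matching selectors on both sides, and `/ip ipsec installed-sa print` should list SAs only once a server behind the gateway actually sends traffic through 11.11.11.5 (or 22.22.22.11) toward a listed host. Every additional server needs its own pair of policies, which is exactly the administrative burden the answer suggests avoiding with RFC1918 addressing.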