Guide to configure IPSEC for public IPs (peer IP within that range)

Hello.
I would like to configure:
- an IPSec tunnel between 2 routers
- first router is plain and simple - public IP and LAN (say WAN 80.1.1.1 LAN 10.0.0.0)
- target IP range for the other end is a public range (say WAN 140.1.1.0/24), don’t care about LAN
- second router has IP within that range (i.e. 140.1.1.10)

So the tunnel would be between 10.0.0.0/24 exiting via 80.1.1.1 and entering via 140.1.1.10 to network 140.1.1.0/24.
What rules should be set to allow the IPSec protocol to communicate and not be caught in the tunnel policy?
Also, the second router will be passing encrypted and decrypted traffic via the same interface and IP - is that possible?

The reason for this is that the other end's IPs are behind a firewall not managed by me. Making changes takes time, and using and maintaining a VPN for each computer is troublesome. I’ll be thankful for any suggestions.

You can always make exceptions to your tunnel policies by writing another policy with action=none.
This can e.g. be necessary when you want to tunnel a local subnet to a remote subnet where the local subnet is a subnet of the remote subnet (e.g. local subnet 192.168.33.0/24, remote subnet 192.168.0.0/16).

It is often more intuitive to make a tunnel interface with IPsec security and only a very small IP subnet on it (/30), then route the actual LAN range via that tunnel using static routes or a routing protocol like BGP.
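
The action=none exception from the reply, modelled as an added example (not code from the thread or from any router): it evaluates an ordered policy list and flags exceptions that can never match because a broader policy sits above them. It assumes policies are checked top-down with the first match winning; `Policy`, `decide` and `shadowed` are hypothetical names, and the addresses are the ones used in the posts.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Policy(NamedTuple):
    src: str      # source selector (CIDR)
    dst: str      # destination selector (CIDR)
    action: str   # "encrypt" or "none"

def decide(policies, src, dst):
    """Action of the first policy whose selectors match the packet.
    Assumption: top-down, first match wins; no match means no IPsec."""
    s, d = ip_address(src), ip_address(dst)
    for p in policies:
        if s in ip_network(p.src) and d in ip_network(p.dst):
            return p.action
    return "none"

def shadowed(policies):
    """Policies that can never match because an earlier policy's
    selectors cover theirs completely (a misplaced exception)."""
    dead = []
    for i, p in enumerate(policies):
        for q in policies[:i]:
            if (ip_network(p.src).subnet_of(ip_network(q.src))
                    and ip_network(p.dst).subnet_of(ip_network(q.dst))):
                dead.append(p)
                break
    return dead

# Constructed from the reply's example: the local subnet lies inside the remote one.
TUNNEL = Policy("192.168.33.0/24", "192.168.0.0/16", "encrypt")
LOCAL = Policy("192.168.33.0/24", "192.168.33.0/24", "none")
GOOD = [LOCAL, TUNNEL]   # exception first
BAD = [TUNNEL, LOCAL]    # exception shadowed by the tunnel policy

# Constructed from the question's addresses, as seen on the first router.
ROUTER1 = [
    Policy("10.0.0.0/24", "140.1.1.10/32", "none"),    # peer itself
    Policy("10.0.0.0/24", "140.1.1.0/24", "encrypt"),  # rest of the range
]

if __name__ == "__main__":
    print(decide(GOOD, "192.168.33.10", "192.168.33.20"))  # LAN-to-LAN stays local
    print(decide(BAD, "192.168.33.10", "192.168.33.20"))   # wrongly tunnelled
    print(shadowed(BAD))
    print(decide(ROUTER1, "10.0.0.5", "140.1.1.77"))
    print(decide(ROUTER1, "80.1.1.1", "140.1.1.10"))       # WAN-sourced: no selector match
```

Running `shadowed()` over an exported policy list before applying it catches an exception that was added below the tunnel policy it is meant to override.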