I am going to say that I am pretty sure you can not. I have never tried it but what would be the point of the VPN if you have them on the same subnet?
Consider, how would the device know which interface to send the data out of to the respective devices when there are TWO equally valid options?
You can use a one armed approach - see the solution design doc.
Typically you would port forward the respective ports thru the firewall to the SA un the TRUST zone, or place SA in the DMZ, and create specifc policy on the firewall to filter the traffic from DMZ to/from TRUST zone.