The 1-to-1 NAT functionality allows mapping a router's external address to an internal address, however, one of the IP addresses has to belong to the Router itself. In this case, I see you are trying to map the address 192.168.105.105, which is not an address for the router, to the 10.10.10.25 address in the LAN, which is not an address from the Router either.
I see you are using IPSec, so in that case it is a good idea to set up IKEv2 in both ends in order to have more than one local or remote subnet, so you can declare your VPN network in your remote end as a local subnet, and put the VPN network as a remote network on your IPSec configuration in the RUTX11. This should allow connectivity in both ways, in turn, allowing your LAN devices to connect to the .105 device in the VPN.
I remain attentive to any further comments.