Hi,
You can have internet and VPN on the same router, but it is better to have a separate router for that function. If you have the budget, it would be ideal to have a separate internet circuit for partner and normal internet traffic. The idea is to reduce the level of impact when there is any failure, and make it easy to troubleshoot.
The config should be normal. Based on the process order of operation, the router will process VPN traffic first if it matches the ACL for encryption. The unmatched packets will be routed/NATed normally. Do you have a more specific question regarding the config?
HTH,
Lei Tian