I think you are missing the NAT Exemption part of your configuration. Try creating an ACL that denies traffic source internal networks destination VPN subnet from being NATted; then change your nat statement from source list (ACL) to source route-map which references the ACL.
I read somewhere that Cisco recommends using source route-map instead of source ACL for additional configuration flexibility...
access-list 100 deny ip 192.168.200.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip any any
route-map NAT_EXEMPT permit 10
match ip address 100
ip nat inside source route-map NAT_EXEMPT interface FastEthernet0/1 overload
Hope this resolves the problem...
Patrick
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: