You can still do NAT after IPSec encryption. The key here is to use protocol ESP not AH as AH would authenticate the ip header and NATting the ip address would fail the AH authentication.
The link on CCO will work. Just one more thing, when configuring the access-list on the pix sitting b/t the ipsec peers, make sure UDP/4500 is allowed. IPSec NAT-Traversal uses UDP/4500.