11-28-2023 01:57 PM
I've got a question with NAT'ing traffic going through a VPN. I have an 800 series router. I'm dealing with a split tunnel situation. The network behind the router is a 192.168.0.0/16.
I have a VPN endpoint with IP address 10.0.0.0/16.
I want to NAT the traffic as it leaves the 800 to a different IP address. 10.1/16, 10.2/16, 10.3/16, so on and so forth. Basically make each site locally the same in order to make installation easier. The only need for uniqueness would be from the other side. This is a hub and spoke, and 800s would be acting as spokes.
The VPN forms, but I don't get any traffic through the VPN when looking from either side.
ip access-list extended NAT_ACL
 deny ip 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
!
route-map NO_NAT permit 10
 match ip address NAT_ACL
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
 lifetime 14400
crypto isakmp key ********* address X.X.X.X
!
crypto ipsec transform-set VPN_SET esp-aes esp-sha-hmac
!
crypto map VPN_MAP 10 ipsec-isakmp
 set peer X.X.X.X
 set transform-set VPN_SET
 match address VPN_A
!
! used to advertise NAT address to VPN HUB
ip access-list extended VPN_A
 permit ip 10.Y.0.0 0.0.255.255 10.0.0.0 0.0.255.255
!
interface gi0
 crypto map VPN_MAP
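The following is an added model, not part of the poster's config or the thread, of how the posted NAT_ACL and VPN_A interact on the spoke's outbound path. It assumes IOS's inside-to-outside order of operations (NAT translation before the crypto map check) and a 1:1 network translation of 192.168.0.0/16 to the site's 10.Y.0.0/16, with Y=1 as a constructed sample value.

```python
import ipaddress


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard-mask test: a set bit in the wildcard is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_action(acl, src: str, dst: str) -> str:
    """First-match evaluation of an extended ACL with the implicit deny at the end."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"


# ACLs transcribed from the posted config; "any" is 0.0.0.0 255.255.255.255.
NAT_ACL = [
    ("deny",   "192.168.0.0", "0.0.255.255", "10.0.0.0", "0.0.255.255"),
    ("permit", "192.168.0.0", "0.0.255.255", "0.0.0.0",  "255.255.255.255"),
]
VPN_A = [  # Y = 1 is a constructed sample site number
    ("permit", "10.1.0.0", "0.0.255.255", "10.0.0.0", "0.0.255.255"),
]
# Hypothetical contrast: a NAT ACL that translates only hub-bound traffic.
NAT_ACL_VPN_ONLY = [
    ("permit", "192.168.0.0", "0.0.255.255", "10.0.0.0", "0.0.255.255"),
]


def egress(src: str, dst: str, nat_acl, crypto_acl, site_prefix: str = "10.1"):
    """Model the outbound path: translate the source if the NAT ACL permits,
    then test the (post-NAT) packet against the crypto map ACL.
    Returns (source address on the wire, whether it would be encrypted)."""
    if acl_action(nat_acl, src, dst) == "permit":
        host_part = src.split(".", 2)[2]          # keep the last two octets (/16 -> /16)
        src = f"{site_prefix}.{host_part}"
    encrypted = acl_action(crypto_acl, src, dst) == "permit"
    return src, encrypted


if __name__ == "__main__":
    # With the posted ACL the deny entry exempts hub-bound traffic from NAT,
    # so it leaves with a 192.168 source that VPN_A never matches.
    print(egress("192.168.1.10", "10.0.0.5", NAT_ACL, VPN_A))           # ('192.168.1.10', False)
    print(egress("192.168.1.10", "10.0.0.5", NAT_ACL_VPN_ONLY, VPN_A))  # ('10.1.1.10', True)
```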
11-28-2023 02:02 PM
What you share is the config of what, hub or spoke?
11-28-2023 02:25 PM
spoke
11-28-2023 02:52 PM
Sorry, from my experience this does not work.
NAT of the LAN over a VPN in an IOS router cannot be done.
You need to run DMVPN or DVTI.
MHM