I think that is possible using policy nat (pnat). Let's say you want to nat 192.168.100.0/24 to 172.16.100.0/24 then send it thru the tunnel to the rest of the 172.16.0.0/16.
access-list pnat_first permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
static(inside, outside) 172.16.100.0 access-list pnat_first
Here traffic from 192.168.100.0/24 going to 172.16.0.0/16 will be pnat/sourced from 172.16.100/24
Note that the subnet mask in the "static" command is inferred from the acl's mask.
access-list 101 permit ip ip 172.16.100.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map aptmap 10 match address 101
Here, pnat'd traffic will go thru the tunnel, the source address is now 172.16.100.0/24. This is a partial config.
The assumption here is that policy nat will take precedence over encryption.
I haven't tried this (anything on a PIX 501 for that matter), so if you are up for an adventure, then have fun experimenting with these configs and share your findings.
Also read the reply from gfullage in this post, I think it is very helpful:
(very long url, I already gave the webmaster feedback on this)
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd771e7
HTH
Mustafa