
Question about VPN

Hi guys,

First, I am not a security guy... I am a voice guy, but I have a case with some security issues.

I have 2 sites and I want to make a VPN through the internet between them.

Each site has a router connected to an ADSL modem, and 2 real IPs for the 2 sites.

My question is: can I make the VPN on the ADSL modem, or should I do this on the routers?

And what is the configuration to do that on the ADSL modem or on the router?

Sorry again if my question is simple, but as I said I am a beginner.

Thanks

3 Replies

Francesco Molino
VIP Alumni

Hi

First of all, are the public IPs directly on the modem, or is the modem in bridge mode with the public IPs on the router?

This is important because if the IPs are on the modem, you will need to forward the VPN ports to your local router IP: the ports to forward are UDP/500 and UDP/4500.

Routers on both ends will be able to detect NAT. No configuration needed.

For the VPN configuration itself, it will look like this:

(Let's say that site 1 LAN is 192.168.0.0/24 and site 2 is 192.168.1.0/24)

crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
!
crypto isakmp key cisco address x.x.x.x --> "cisco" is the pre-shared key (you can choose another one); x.x.x.x is the other end's public IP
!
ip access-list extended VPN
 permit ip Source-IP Wildmask-Src Dest-IP Wildmask-Dst

--> On the site 1 router it will be: permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

--> On the site 2 router it will be: permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
!
crypto ipsec transform-set VPNTS esp-aes esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer x.x.x.x --> this is the other end's public IP
 set transform-set VPNTS
 match address VPN
!
interface g0/X --> the WAN interface facing the modem
 crypto map CMAP
!

Some info:

Security: hash and encryption can be tweaked depending on your router model and performance.

Some info concerning the other security parameters:
Group 2 is 1024 bits
Group 5 is 1536 bits
The lifetime is the lifetime of the keys used by the tunnel. 86400 is the default value. For more security, you can decrease this time.
This is when the routers re-negotiate the tunnel keys used to encrypt data.

Hope this is clearer?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello supportlan,

As per my knowledge,

You need to exempt traffic from LAN and DMZ and vice versa from being NATed.

Yes, you certainly need to do some NAT configuration; that's why I asked about the public IP. Depending on where the public IP is, NAT is done by the router itself or by the modem.

If it is done by the router, you need to modify the NAT ACL to deny such traffic. If NAT is done on the modem, then the VPN is mounted directly from the router WAN, and NAT is not done at this point. However, you'll need to forward the VPN UDP ports.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
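
Putting the two replies above together (the IKE/IPsec configuration from the first reply and the NAT exemption from the last one), here is what a complete pair of router configurations looks like for the case where the modems are in bridge mode and the routers hold the public IPs and do the NAT. This is an added example, not part of the original thread or anyone's answer in it. The public addresses 203.0.113.10 and 198.51.100.18 are RFC 5737 documentation placeholders, the interface names GigabitEthernet0/0 (WAN) and GigabitEthernet0/1 (LAN), the default gateways and the pre-shared key are assumptions; replace them with your own values. The NAT exemption is the part that is easy to get wrong: in the NAT access list, the deny for LAN-to-LAN traffic has to come before the permit, otherwise the site-to-site packets are translated to the WAN address before the crypto map sees them and never match the VPN access list.

```cisco
!=== Site 1 router (LAN 192.168.0.0/24, WAN 203.0.113.10) ===
! Phase 1 (IKE/ISAKMP) policy: same values as the reply above; both ends must match.
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
! Pre-shared key for the site 2 peer (placeholder; use a long random key).
crypto isakmp key S3cr3tPSK-ChangeMe address 198.51.100.18
! Keep the UDP/4500 NAT-T mapping alive if a device in the path does NAT.
crypto isakmp nat keepalive 20
!
! Phase 2 (IPsec) transform set.
crypto ipsec transform-set VPNTS esp-aes esp-sha-hmac
 mode tunnel
!
! Interesting traffic: what is sent through the tunnel.
ip access-list extended VPN
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! NAT exemption: the deny for LAN-to-LAN traffic MUST come before the permit,
! otherwise site-to-site packets are translated to 203.0.113.10 and never match VPN.
ip access-list extended NAT
 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
crypto map CMAP 10 ipsec-isakmp
 set peer 198.51.100.18
 set transform-set VPNTS
 match address VPN
!
interface GigabitEthernet0/0
 description WAN towards ADSL modem (bridge mode)
 ip address 203.0.113.10 255.255.255.252
 ip nat outside
 crypto map CMAP
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 203.0.113.9
!
!=== Site 2 router (LAN 192.168.1.0/24, WAN 198.51.100.18): mirror image ===
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key S3cr3tPSK-ChangeMe address 203.0.113.10
crypto isakmp nat keepalive 20
!
crypto ipsec transform-set VPNTS esp-aes esp-sha-hmac
 mode tunnel
!
ip access-list extended VPN
 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
!
ip access-list extended NAT
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set VPNTS
 match address VPN
!
interface GigabitEthernet0/0
 description WAN towards ADSL modem (bridge mode)
 ip address 198.51.100.18 255.255.255.252
 ip nat outside
 crypto map CMAP
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 198.51.100.17
!
!=== Checks from site 1 (the tunnel comes up on the first interesting packet) ===
! ping 192.168.1.1 source 192.168.0.1
! show crypto isakmp sa        -> state QM_IDLE means phase 1 is established
! show crypto ipsec sa         -> #pkts encaps / #pkts decaps should increase
! show ip nat translations     -> no entries for 192.168.0.x -> 192.168.1.x
```

If instead the public IP sits on the modem and the router WAN gets a private address from it, the router configuration is the same except that the `ip nat inside source` statement and the NAT access list are no longer needed, `set peer` and the `crypto isakmp key ... address` line point at the other site's modem public IP, and each modem must forward UDP/500 and UDP/4500 to its router's WAN address; NAT traversal is then negotiated automatically and `show crypto isakmp sa detail` shows the NAT-T state. Group 2 and SHA-1 are kept here only so the example matches the reply; on IOS images that support them, `group 14` and `hash sha256` are stronger drop-in replacements, as long as both ends are changed together.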