tony,
I am assuming that you are going to use pre-shared keys? I have the exact same setup at a couple of locations. NAT sucks for me, but you can try if you like. You need to define crytpo settings e.g. Policy, authentication, lifetime. You then need to create the keys :
crypto isakmp key TONY address 1.1.1.1 255.255.255.255
Then you need to create a transform set:
crytpo ipsec transform-set TONY esp-des esp-sha-hmac (or whatever alg you want)
Then you need to create an access-list:
access-list 101 permit 1.1.0.0 0.0.255.255 2.2.2.0 0.0.0.255
Then you need to create maps:
crypto map TONY 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set TONY
match address 101
Then you need to bind the map to the interface you are using. What type of WAN are you using?
You need to match the key and ip address of the other router. You do it backwards, it is a little funky!
I set static routes for my tunnels, I only have 13 so it is not too much.
e-mail me if you have any questions
Geoff
gbeaty@reico.com