Unlike with the L2TP IPSec VPN, with the Site to Site IPSec Tunnel i not get any extra (virtual or tunnel) interface.
It's about the order of operation, NAT is performed after IPSec decryption. Which mean when the IPSec encapsulated packet arrived on your WAN interface (e.g. GigabitEthernet8), it will first be decrypted (source: 192.168.80.x, destination: 10.20.60.x). Then, it will performed NAT (source: 192.168.80.x -> [overload NAT] 10.20.60.12; destination: 10.20.60.x).
Vice-versa, when the return packet is arrived on LAN interface, NAT is performed before IPSec encryption. which mean the packet (source 10.20.60.x, destination: 10.20.60.12) will translate to (source: 10.20.60.x, destination: 192.168.80.x). According to routing table, it should exit out WAN interface (Gig8). IPSec encryption is then performed if (source: 10.20.60.x, destination: 192.168.80.x) hit the crypto map condition.
So, if it's well configured, it should work as expected.
Your configuration look good to me except the interface Gig8.
ip address x.x.x.x 255.255.255.248
ip access-group ACLWAN in
no cdp enable
crypto map CRYP_MAP
ip nat inside
Do you have 'ip nat inside' configured on Gig8?