I've stumbled upon something that I cannot explain and I could use some help in order to understand what is happening :)
The problem, as I see it, is as follows (in short terms):
My router seems to do NAT on the return packets on an incoming connection that arrives via the VPN connection. This only happens to packets that are using ports that I have forwarded using ip nat inside source static...
I am using nat exempt for the VPN connections. The NAT exempts are working just fine except when they seem to "collide" with port forwardings.
This translation entry is listed after I try to telnet from a 10.0.0.x host to 10.45.131.23 port 80:
Cisco_1811#sh ip nat t | inc 10.0.0.
tcp 172.16.0.64:80 10.45.131.23:80 10.0.0.6:1872 10.0.0.6:1872
How can I make the router not do NAT at all on the VPN connections?
I'm suspecting it's because I'm using route-map instead of lists in the NAT overload statement.
The router has 172.16.0.64 as its "public" ip and the config is attached to this message.
You can try to add a route-map which will deny all VPN-related traffic on all static NAT entries.
ip nat inside source static tcp 18.104.22.168 80 22.214.171.124 80 route-map xxx
By the way, it seems your VPN config is incomplete. I did not see that a pre-share key and peer IP are configured.
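The suggestion above, written out for the port 80 forward shown in the translation table. This is an added example, not part of the original posts or the attached config. The /24 masks, ACL number 150 and route-map name NO-NAT-VPN are assumptions, and you should check that your IOS release accepts the route-map keyword on a port-based static entry.

```cisco
! Constructed example. Assumed: 10.45.131.0/24 is the local LAN,
! 10.0.0.0/24 is the remote VPN network, ACL 150 and NO-NAT-VPN are free names.
!
! Deny (do not translate) LAN-to-VPN traffic, permit everything else from the LAN.
access-list 150 deny   ip 10.45.131.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 150 permit ip 10.45.131.0 0.0.0.255 any
!
! The static entry is only used for traffic this route-map permits.
route-map NO-NAT-VPN permit 10
 match ip address 150
!
! Replace the unconditional port forward with the conditional one.
no ip nat inside source static tcp 10.45.131.23 80 172.16.0.64 80
ip nat inside source static tcp 10.45.131.23 80 172.16.0.64 80 route-map NO-NAT-VPN
!
! Verify: flush old entries, repeat the telnet test from a 10.0.0.x host,
! then confirm no translation is created for the VPN peer.
clear ip nat translation *
show ip nat translations | include 10.0.0.
```

Each additional forwarded port needs the same route-map appended to its own static entry.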