Hi,
There is a lot of information out there on how to do this. Cisco's own documentation is really good, however, here are a couple guides with examples you can look at:
NAT: http://www.internetworkingcareer.com/ccna/configure-nat-cisco-router/
IPSEC tunnel: http://www.internetworkingcareer.com/vpn/configure-site-site-vpn-tunnel/
The configurations of both don't conflict with each other except for the access-lists that define "interesting traffic" (when NAT applies, or when the tunnel applies).
Order of operations will take care of things, but to be absolutely certain, in the NAT ACL, deny the traffic that is to use the IPSEC tunnel. Using the examples in the guides, it would look like this:
ip access-list extended NAT_TRAFFIC
deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
And vice versa on the other side.
Regards,
Tim