The ISAKMP negotiation can based on ip address, host name , digital certificates or DNS name depending on what your configuration in the router.
I assume that you are using pre-shared key , using ip address as the isakmp identity. So you need match both peers same share key, each other' ip address, hash algorithem "MD5 or SHA", encryption "3DES or DES".
If all of them matching each other, then the ISAKMP exchange will be fine, then it will goto phase 2 IPSEC negotiation.
Even you are doing NAT, that means only one peer' ip address has been nattated, it still need match all the rest stuff ,preshare-key, hash and encryption.
For this reason, NAT will not create a lack of security. Even someone can spoof your VPN peer's ip address, he still need to know a lot of other configuration to creat a VPN tunnel to another peer.
Details please see:
http://www.cisco.com/warp/public/cc/techno/protocol/ipsecur/ipsec/prodlit/dplip_in.htm