You can refer to following link for configuring S-S vpn.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/sit2site.htm
When you configure S-S vpn, you will be configuring an access-list which specified the traffic to be encrypted. This would be those traffic with source ip address from 2.2.2.0 and destination address from 3.3.3.0 network.
Now the same traffic should not be NATed. THis can be achieved using NAT 0 access-list.
Check this link for configuring NAT 0 access-list.
http://www.cisco.com/warp/public/110/19.html#multi_nat_access
So all traffic going to internet will be NATed while the VPN traffic will be passed without NATing. This is called as Split tunneling.
Hope that helps!
Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus