You need to create a route-map to define which traffic should use NAT. Here's an example below.
First you need to create an access-list that defines how you want traffic NAT'ed. The example below assumes that 10.1.1.0/24 is the local network and 10.2.2.0/24 is the otherside of the VPN tunnel:
access-list 130 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 130 permit ip 10.1.1.0 0.0.0.255 any
Next, create a route-map called nonat that uses this access-list:
route-map nonat permit 10
match ip address 130
The final piece is to use this route-map as the source for your NAT statement like this:
ip nat inside source route-map nonat interface Serial0/0 overload
By doing this, all traffic coming from hosts on the 10.1.1.0/24 network will NOT be NAT'ed if the destination is the other side of the tunnel (10.2.2.0/24). All other traffic will be NAT'ed out the serial interface.
Hope this helps,
Cody Rowland