Add the ACLs which we will need to NAT, the encryption domain and the group policy.
access-list Example_Policy_ACL extended permit tcp object-group Local_LAN object-group Remote_LAN eq 80
access-list Example_Policy_ACL extended deny ip any any
access-list Example_VPN_ACL permit ip object-group Local_LAN object-group Remote_LAN
Create your group policy which will restrict traffic between hosts within your encryption domain.
group-policy Example_Policy internal
group-policy Example_Policy attributes
vpn-filter value Example_Policy_ACL
Add your No NAT for traffic within the encryption domain
nat (outside) 0 access-list Example_VPN_ACL
Create your tunnel group which will include your pre-shared key.
tunnel-group [Peer IP] type ipsec-l2l
tunnel-group [Peer IP] general-attributes
tunnel-group [Peer IP] ipsec-attributes
pre-shared-key [pre-share key]
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
encryption [?] hash [?] group [?] lifetime [secs]
crypto ipsec transform-set [transform set name] esp-3des esp-sha-hmac
crypto map outside interface outside
crypto map outside set transform-set [transform set] crypto map outside 20 match address Example_VPN_ACL
crypto map outside 20 set peer [Peer IP] crypto map outside 20 set security-association lifetime seconds [secs]