Basically, you configure static nat, policy nat, nat exemption as you desire. Then make your crypto ACL match the outside addresses. If you have control over both ends, you can do source address translation on each end (which is the easiest). If you need to, you can do source and destination on both ends. Alternatively, you may just need to do source translation on one end. I have had all sorts of weird scenarios. For instance a vendor requires me to do source NAT to alternative RFC1918 address space.
Here is an example I documented that does both. You can tweak it as necessary to fit your scenario. In my opinion, the 8.2 syntax is much easier than the 8.4.