This article assumes you have the Cisco routers on both ends setup and you are ready to get the tunnel up. Here is the simple list of steps to get this thing going. And remember, this is a basic configuration. You may need some more specific access lists to accomplish your goal.

!!Lets setup a site to site shall we!!
!!Apply the crypto map to the outside interface

Interface gig 0/1 crypto map tunnel-map

!!Now lets setup our policies

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2

!!We need a preshared key dont we

crypto isakmp key !yourkey! address x.x.x.x

!!Now for the transform set

crypto ipsec transform-set Here-to-There esp-3des esp-md5-hmac

!!And now its time for the tunnel map

crypto map tunnel-map 10 ipsec-isakmp
set peer x.x.x.x (Remote Wan IP)
set transform-set Here-to-There
match address VPN

!!And of course the access list

ip access-list extended VPN permit ip 10.0.0.0 0.0.0.255 x.x.x.x 0.0.0.255 log

!!Dont forget to deny it from the nat list and remember that the deny statement should come before you permit the rest of the traffic.

ip access-list extended NAT
deny ip 10.0.0.0 0.0.0.255 x.x.x.x 0.0.0.255

To test these settings use the show crypto session commands and you should get something like this.

RouterA# sh crypto session

Crypto session current status
Interface: GigabitEthernet0/1Session status: UP-ACTIVE
Peer: x.x.x.xport 500
IKE SA: local x.x.x.x/500 remote x.x.x.x/500 Active
IKE SA: local x.x.x.x/500 remote x.x.x.x/500 Active
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Active SAs: 2, origin: crypto map

Thats it, pretty simple stuff huh? You just have to change the IPs to match your needs and put this in on both sides and it should work fine for you. If you have any problems post a comment and I will try to help.