ASA - Site 2 Site VPN Example
Vendor: Cisco
Platform: ASA
Version: 8.0(5)
Wednesday, 09 December 2009 14:06

In this article I will be showing you how to configure a Site 2 Site VPN on an ASA.
Also included within this example is a group-policy (named "Example_Policy") which restricts access between the 2 endpoints to just tcp/80 traffic.

Please Note: This example presumes that you have already created the object groups Local_LAN and Remote_LAN.

Access-Lists

Add the ACLs which we will need for the NAT exemption, the encryption domain and the group policy.

access-list Example_Policy_ACL extended permit tcp object-group Local_LAN object-group Remote_LAN eq 80
access-list Example_Policy_ACL extended deny ip any any
access-list Example_VPN_ACL permit ip object-group Local_LAN object-group Remote_LAN

Group Policy

Create your group policy, which will restrict traffic between hosts within your encryption domain.

group-policy Example_Policy internal
group-policy Example_Policy attributes
      vpn-filter value Example_Policy_ACL

NAT

Add your NAT exemption (no NAT) for traffic within the encryption domain. The interface named in the nat statement is the one behind which Local_LAN sits, which is inside in the usual case.

nat (inside) 0 access-list Example_VPN_ACL

Tunnel Group

Create your tunnel group which will include your pre-shared key.

tunnel-group [Peer IP] type ipsec-l2l
tunnel-group [Peer IP] general-attributes
     default-group-policy Example_Policy
tunnel-group [Peer IP] ipsec-attributes
     pre-shared-key [pre-shared key]

Phase 1

Define the ISAKMP (IKE phase 1) policy and enable ISAKMP on the outside interface.

crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
    authentication pre-share
    encryption [?]
    hash [?]
    group [?]
    lifetime [secs]

Phase 2

Define the IPsec transform set and the crypto map entry that ties the encryption domain, the peer and the transform set together.

crypto ipsec transform-set [transform set name] esp-3des esp-sha-hmac
crypto map outside interface outside
crypto map outside 20 set transform-set [transform set name]
crypto map outside 20 match address Example_VPN_ACL
crypto map outside 20 set peer [Peer IP]
crypto map outside 20 set security-association lifetime seconds [secs]

Misc

To ensure that any traffic passed through a VPN tunnel and decrypted bypasses the interface access-lists, the following sysopt command is required. Please Note: group policy and per-user authorization access-lists still apply to that traffic.

sysopt connection permit-vpn

Note: If the traffic is going outbound (i.e. it is not coming out of the VPN tunnel but going into it) then you will need to add an access-list entry to permit the traffic.
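As an added example (not part of the original article), a small Python cross-check of the objects this template wires together: the crypto map's encryption-domain ACL must exist and be NAT-exempted, the peer must have a tunnel-group carrying a pre-shared key, and that tunnel-group's default group policy must point at a defined vpn-filter ACL. The sample configuration is constructed from the template above, assuming Local_LAN sits behind the inside interface; the peer address and PSK are placeholders.

```python
# Constructed sample of this article's template (203.0.113.10 is a documentation address; the PSK is a placeholder)
SAMPLE = """\
access-list Example_Policy_ACL extended permit tcp object-group Local_LAN object-group Remote_LAN eq 80
access-list Example_Policy_ACL extended deny ip any any
access-list Example_VPN_ACL permit ip object-group Local_LAN object-group Remote_LAN
group-policy Example_Policy internal
group-policy Example_Policy attributes
 vpn-filter value Example_Policy_ACL
nat (inside) 0 access-list Example_VPN_ACL
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy Example_Policy
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key PLACEHOLDER-PSK
crypto map outside 20 match address Example_VPN_ACL
crypto map outside 20 set peer 203.0.113.10
"""
def check_l2l(config):
    """Cross-check the objects of an ASA L2L VPN config; returns a list of findings (empty = consistent)."""
    acls, gps, tgs, nat0, cmaps, ctx = set(), {}, {}, set(), {}, None
    for raw in filter(str.strip, config.splitlines()):
        t = raw.split()
        if t[0] == "access-list":
            acls.add(t[1])
        elif t[0] in ("group-policy", "tunnel-group"):  # remember which named block we are in
            (gps if t[0] == "group-policy" else tgs).setdefault(t[1], {})
            ctx = (t[0], t[1])
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:  # NAT exemption (nat 0) ACLs
            nat0.add(t[4])
        elif t[:2] == ["crypto", "map"] and len(t) > 6 and t[3].isdigit():
            cmaps.setdefault((t[2], t[3]), {})[t[5]] = t[6]  # e.g. 'address' -> ACL, 'peer' -> IP
        elif raw[0].isspace() and ctx:  # indented sub-command of the current group-policy/tunnel-group
            kind, name = ctx
            if kind == "group-policy" and t[:2] == ["vpn-filter", "value"]:
                gps[name]["vpn-filter"] = t[2]
            elif kind == "tunnel-group" and t[0] in ("default-group-policy", "pre-shared-key"):
                tgs[name][t[0]] = t[1]
    findings = []
    for (name, seq), cm in cmaps.items():
        where, acl = f"crypto map {name} {seq}", cm.get("address")
        if acl not in acls or acl not in nat0:
            findings.append(f"{where}: match ACL {acl} must exist and be NAT-exempted (nat 0)")
        tg = tgs.get(cm.get("peer"), {})
        if "pre-shared-key" not in tg:
            findings.append(f"{where}: peer {cm.get('peer')} has no tunnel-group with a pre-shared-key")
        pol = gps.get(tg.get("default-group-policy"))
        if pol is None or pol.get("vpn-filter") not in acls:
            findings.append(f"{where}: default-group-policy or its vpn-filter ACL is not defined")
    return findings
```

Running check_l2l over a "show running-config" export catches the usual copy-and-paste slips in this template, such as a crypto map whose ACL name does not match the nat 0 exemption or a tunnel-group whose policy name is misspelt.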
