Cisco VPN Site-to-Site Configuration
Router A configuration:
-----------------------
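! WAN interface: NAT outside, crypto map applied here
interface FastEthernet0
 description "WAN Connection"
 ip address 172.16.11.254 255.255.255.0
 ip nat outside
 crypto map CRYPTO_MAP
!
! LAN interface: NAT inside
interface FastEthernet1
 description "LAN Connection"
 ip address 192.168.11.254 255.255.255.0
 ip nat inside
!
! IKE phase 1 policy (3DES, MD5 and DH group 2 are legacy algorithms)
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Pre-shared key for the peer; replace {SHARED_KEY} with the same secret on both routers
crypto isakmp key {SHARED_KEY} address 172.16.23.254
!
! IPsec (phase 2) transform set
crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
!
! Crypto map: peer, transform set and the traffic to protect
crypto map CRYPTO_MAP 10 ipsec-isakmp
 set peer 172.16.23.254
 set transform-set ESP_3DES_MD5
 match address CRYPTO_ACL
!
! PAT for traffic matched by the NAT access list
ip nat inside source list NAT interface FastEthernet0 overload
!
! Traffic to encrypt: local LAN to remote LAN
ip access-list extended CRYPTO_ACL
 permit ip 192.168.11.0 0.0.0.255 192.168.23.0 0.0.0.255
! NAT list: exempt tunnel traffic first, translate everything else
ip access-list extended NAT
 deny ip 192.168.11.0 0.0.0.255 192.168.23.0 0.0.0.255
 permit ip 192.168.11.0 0.0.0.255 any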
Router B configuration:
-----------------------
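! WAN interface: NAT outside, crypto map applied here
interface FastEthernet0
 description "WAN Connection"
 ip address 172.16.23.254 255.255.255.0
 ip nat outside
 crypto map CRYPTO_MAP
!
! LAN interface: NAT inside
interface FastEthernet1
 description "LAN Connection"
 ip address 192.168.23.254 255.255.255.0
 ip nat inside
!
! IKE phase 1 policy (3DES, MD5 and DH group 2 are legacy algorithms)
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Pre-shared key for the peer; replace {SHARED_KEY} with the same secret on both routers
crypto isakmp key {SHARED_KEY} address 172.16.11.254
!
! IPsec (phase 2) transform set
crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
!
! Crypto map: peer, transform set and the traffic to protect
crypto map CRYPTO_MAP 10 ipsec-isakmp
 set peer 172.16.11.254
 set transform-set ESP_3DES_MD5
 match address CRYPTO_ACL
!
! PAT for traffic matched by the NAT access list
ip nat inside source list NAT interface FastEthernet0 overload
!
! Traffic to encrypt: local LAN to remote LAN
ip access-list extended CRYPTO_ACL
 permit ip 192.168.23.0 0.0.0.255 192.168.11.0 0.0.0.255
! NAT list: exempt tunnel traffic first, translate everything else
ip access-list extended NAT
 deny ip 192.168.23.0 0.0.0.255 192.168.11.0 0.0.0.255
 permit ip 192.168.23.0 0.0.0.255 any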
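
A site-to-site pair like the one above only works when the two configurations mirror each other, so the following added example (not part of the original page) checks that property: each peer address is the other router's WAN address, the CRYPTO_ACL entries are mirrored, tunnel traffic is denied in the NAT list before any permit, and legacy IKE settings are reported. The names `parse`, `check_pair` and `LEGACY` are hypothetical, and the parser assumes ACL entries written as "network wildcard network wildcard", as on this page.

```python
# Crypto and NAT lines of Router A from this page (the pre-shared key line is left out).
ROUTER_A = """\
ip address 172.16.11.254 255.255.255.0
encr 3des
hash md5
group 2
set peer 172.16.23.254
ip access-list extended CRYPTO_ACL
permit ip 192.168.11.0 0.0.0.255 192.168.23.0 0.0.0.255
ip access-list extended NAT
deny ip 192.168.11.0 0.0.0.255 192.168.23.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 any
"""
# Router B on this page is the same text with the .11. and .23. networks exchanged.
ROUTER_B = ROUTER_A.replace(".11.", ".#.").replace(".23.", ".11.").replace(".#.", ".23.")
LEGACY = {"encr 3des", "hash md5", "group 2"}  # deprecated IKE phase 1 choices

def parse(cfg):
    """Collect WAN address, peer, ISAKMP settings and ACL entries from one config."""
    out, acl = {"acl": {}, "isakmp": []}, None
    for words in (line.split() for line in cfg.splitlines() if line.strip()):
        if words[:3] == ["ip", "access-list", "extended"]:
            acl = out["acl"].setdefault(words[3], [])
        elif words[:2] == ["ip", "address"]:
            out.setdefault("wan", words[2])  # first address listed is the WAN interface
        elif words[:2] == ["set", "peer"]:
            out["peer"] = words[2]
        elif words[0] in ("encr", "hash", "group"):
            out["isakmp"].append(" ".join(words))
        elif words[0] in ("permit", "deny") and acl is not None:
            acl.append(tuple(words))
    return out

def check_pair(cfg_a, cfg_b):
    """Return findings for a site-to-site pair; an empty list means consistent."""
    a, b, findings = parse(cfg_a), parse(cfg_b), []
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x.get("peer") != y.get("wan"):
            findings.append(f"{name}: peer is not the other router's WAN address")
        crypto, nat = x["acl"].get("CRYPTO_ACL", []), x["acl"].get("NAT", [])
        # Swap source and destination of the other side's entries.
        mirror = [(e[0], e[1], *e[4:6], *e[2:4]) for e in y["acl"].get("CRYPTO_ACL", [])]
        if crypto != mirror:
            findings.append(f"{name}: CRYPTO_ACL does not mirror the peer's")
        for e in crypto:  # conservative: the deny must come before any permit
            deny = ("deny",) + e[1:]
            if deny not in nat or "permit" in [n[0] for n in nat[:nat.index(deny)]]:
                findings.append(f"{name}: tunnel traffic is not exempt from NAT")
        findings += [f"{name}: legacy setting '{s}'" for s in x["isakmp"] if s in LEGACY]
    return findings
```

Run against the page's pair, `check_pair(ROUTER_A, ROUTER_B)` reports only the legacy 3DES, MD5 and group 2 settings; the peer, ACL and NAT checks pass.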
