It is very much similar to Policy nat.
below is an example:
interface FastEthernet0/0
description Your outside interface on public-address connected ISP.
ip address xxx.xxx.xxx.xxx 255.255.255.224
ip nat outside
interface FastEthernet0/1
description: Your inside interface connected to inside-switch for local network segment.
ip address 10.0.0.2 255.255.255.0
ip nat inside
ip nat inside source list PAT_ACL interface FastEthernet0/0 overload
ip access-list extended PAT_ACL
deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255 <- as you deny this traffic to be Pat-over load, they will go over crypto engine instead.
permit ip 192.168.0.0 0.0.0.255 any <- however this traffic will be pat-over load for accessing internet.
Assume 192.168.0.0/24 the remote segment on router 2821 wanted access internet via 2811.
I hope it make sense to you.
Thanks
Rizwan Rafeek