Level: Professional
In complex network architextures, admins sometimes have to trick the components into unusual configurations in order to achieve their goals. NAT is well known. Policy NAT much less so.
One note before we proceed: Policy NAT unfortunately is only supported by few Layer 3 Switches. No Problem on a Cisco 650X with SUP720, of course.
In this example, source addresses in Vlan 2 are to be NATted to a pool belonging to the VLAN3 address range when accessing Vlan3. All other connections are not NATted:
ip nat pool pool-2 192.168.2.20 192.168.2.25 prefix-length 24
ip nat inside source route-map MAP-2 pool pool-2
interface Vlan 2
ip nat inside
...
interface Vlan 3
ip nat outside
...
ip access-list extended MGMT-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip any any
route-map MAP-2 permit 10
match ip address MGMT-ACL