Saturday, February 13, 2010

Dividing traffic for NAT'ing and for any type of VPN.

An access-list has to separate the traffic that should be NAT'ed from the traffic that should not (for example, traffic destined for a VPN peer). It can then be applied to NAT through a route-map or directly as the source list.
As I understand it, the top lines should deny traffic with a private source and a private destination, and the bottom lines should permit traffic with a private source and any destination.
Example:
access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
.....
access-list 100 permit ip 192.168.10.0 0.0.0.255 any

By the way, this is a good example of where summarization helps. If the private subnets can be summarized, the access-list is easier to define and much shorter.
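To check an ACL like the one above before putting it on a router, here is an added example (not from the post, and not Cisco's code) that evaluates a NAT source list the way IOS does (top down, first match wins, implicit deny at the end), compares the long list with its summarized form from the previous paragraph, and flags flows that the VPN's crypto ACL selects but the NAT list would also translate. The subnets, the crypto ACL (access-list 101) and the sample flows are constructed for the example.

```python
import ipaddress

# Constructed example: first-match evaluation of Cisco-style extended ACLs and an
# overlap check between a NAT source list and a VPN crypto ACL.
def _net(addr, wildcard):
    """IOS address + wildcard mask -> network (wildcard is the inverted netmask)."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)

def _addr(tok, i):
    """Parse 'any' or 'A.B.C.D W.W.W.W' starting at tok[i]; return (net, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    return _net(tok[i], tok[i + 1]), i + 2

def parse_ace(line):
    """'access-list 100 deny ip SRC WSRC DST WDST' -> (action, src_net, dst_net)."""
    tok = line.split()             # tok[2] = permit/deny, tok[3] = protocol ("ip")
    src, i = _addr(tok, 4)
    dst, _ = _addr(tok, i)
    return tok[2], src, dst

def acl_permits(acl, src_ip, dst_ip):
    """True if the flow hits a permit line (for a NAT list: it gets translated)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl:
        action, src_net, dst_net = parse_ace(line)
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

# Constructed topology: local LAN 192.168.10.0/24, VPN peers 192.168.20.0/24 and 192.168.30.0/24.
NAT_ACL = [
    "access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255",
    "access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255",
    "access-list 100 permit ip 192.168.10.0 0.0.0.255 any"]
# Same intent with the remote subnets summarized (assumes every VPN peer sits
# inside 192.168.0.0/16 and no Internet destination does).
NAT_ACL_SUMMARIZED = [
    "access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255",
    "access-list 100 permit ip 192.168.10.0 0.0.0.255 any"]
# Crypto ACL (assumed number 101): traffic the tunnel carries, which must never be NAT'ed.
CRYPTO_ACL = [
    "access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255",
    "access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255"]

def nat_vpn_conflicts(nat_acl, crypto_acl, flows):
    """Flows the crypto ACL selects for the tunnel that the NAT list would also translate."""
    return [f for f in flows if acl_permits(crypto_acl, *f) and acl_permits(nat_acl, *f)]

FLOWS = [("192.168.10.5", "192.168.20.7"), ("192.168.10.5", "192.168.30.9"),
         ("192.168.10.5", "198.51.100.1"), ("192.168.50.1", "198.51.100.1")]
```

A non-empty result from nat_vpn_conflicts means those packets would be translated before the crypto map sees them and never enter the tunnel.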
