Shawn, (Unless I misunderstand what you need!!)
The following line in your ACL -

!permit anyone to 172.16.1.0 port 80--web server
access-list 101 permit tcp any 172.16.1.0 0.0.0.255 eq www

Is saying to permit any source to get to 172.16.1.0 where the traffic is web traffic. As you would not be advertising 172.16.1.0/24 on the internet you should really be permitting traffic from any source to the NATted addresses of your web servers and not the inside address. No one will ever target the 172.16.1.0 from the outside.

Hope that helps

Regards
Rich

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40203&t=40092
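The check Rich describes can be automated. The following is an added example, not part of the original post: a small Python linter that flags permit entries in an internet-facing IOS extended ACL whose destination is RFC 1918 space. The function names are hypothetical, 192.0.2.10 is a constructed placeholder for a NATted web server address, and contiguous wildcard masks are assumed.

```python
import ipaddress

# RFC 1918 ranges: never advertised on the internet, so outside hosts never target them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Port operators that may follow an address, with the number of arguments each takes.
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}

# Constructed sample: line 1 is the entry quoted in the post; 192.0.2.10 is a
# placeholder (documentation range) standing in for a NATted web server address.
SAMPLE_ACL = """\
access-list 101 permit tcp any 172.16.1.0 0.0.0.255 eq www
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 deny ip any any
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (network or None, rest)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # A wildcard mask is the bitwise inverse of a netmask (assumes a contiguous mask).
    netmask = ".".join(str(255 - int(octet)) for octet in tokens[1].split("."))
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]

def unreachable_permits(acl_text):
    """Return (line, destination) for permit entries whose destination is RFC 1918 space."""
    findings = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
            continue
        _, rest = _take_addr(tokens[4:])  # skip: access-list <num> permit <proto>
        if rest and rest[0] in PORT_OPS:  # skip an optional source-port match
            rest = rest[1 + PORT_OPS[rest[0]]:]
        if not rest:
            continue
        dst, _ = _take_addr(rest)
        if dst is not None and any(dst.subnet_of(net) for net in RFC1918):
            findings.append((line.strip(), str(dst)))
    return findings

if __name__ == "__main__":
    for entry, dst in unreachable_permits(SAMPLE_ACL):
        print(f"destination {dst} is inside-only, match the NATted address instead: {entry}")
```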