access-list help

Status
Not open for further replies.
Jul 28, 2005
Dear Friends,
I have a Cisco router with two Fast Ethernet interfaces.
F0/0 is connected to a PIX firewall.
The PIX firewall has 3 interfaces:
Outside, inside, DMZ
Inside IP address is 192.168.1.254 255.255.255.0
DMZ IP address is 192.168.0.254 255.255.255.0
The F0/1 of the Cisco router is connected to my LAN.
I want to make an access list on the Cisco router to permit and deny some hosts.
I want all hosts to be able to browse my internal web server.
The IP address of my web server is 192.168.0.4 255.255.255.0
And I want to deny these hosts from browsing the Internet:
192.168.100.23
192.168.100.24
192.168.100.25
and all the other hosts can browse the Internet.

And this is my configuration for the Cisco router:
===================================
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
speed auto
half-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
no ip http server
!
access-list 1 permit 192.168.100.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
snmp-server enable traps tty
==================================
please help me
thanx

 
access-list 101 permit tcp any host 192.168.0.4
access-list 101 deny tcp host 192.168.100.23 any eq 80
access-list 101 deny tcp host 192.168.100.23 any eq 443
access-list 101 deny tcp host 192.168.100.24 any eq 80
access-list 101 deny tcp host 192.168.100.24 any eq 443
access-list 101 deny tcp host 192.168.100.25 any eq 80
access-list 101 deny tcp host 192.168.100.25 any eq 443
access-list 101 permit ip any any

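! Applied inbound on the LAN interface: FastEthernet0/0 is the NAT outside
! interface, and an outbound ACL there is checked after translation, so the
! host entries above would never match the 192.168.100.x sources.
interface FastEthernet0/1
ip access-group 101 in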

HTH,
John
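
Added example, not part of either post: a small Python model of first-match evaluation for access-list 101. It compares matching on the real source address (inbound on FastEthernet0/1) with matching after the NAT overload on FastEthernet0/0 has rewritten the source, which is the order IOS uses for inside-to-outside traffic. The destination 203.0.113.10 and the sample packets are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# access-list 101 from the answer: (action, protocol, source, destination, dst port)
ACL_101 = [("permit", "tcp", "any", "192.168.0.4/32", None)]
for host in ("192.168.100.23", "192.168.100.24", "192.168.100.25"):
    for port in (80, 443):
        ACL_101.append(("deny", "tcp", host + "/32", "any", port))
ACL_101.append(("permit", "ip", "any", "any", None))

NAT_INSIDE = ip_network("192.168.100.0/24")  # access-list 1 in the question
NAT_GLOBAL = "192.168.1.1"                   # FastEthernet0/0 address used for overload

def addr_match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (addr_match(a_src, src) and addr_match(a_dst, dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def decision(proto, src, dst, dport, where):
    """where: 'Fa0/1 in' sees the real source, 'Fa0/0 out' sees it after NAT."""
    if where == "Fa0/0 out" and ip_address(src) in NAT_INSIDE:
        src = NAT_GLOBAL  # inside-to-outside translation happens before the output ACL
    return evaluate(ACL_101, proto, src, dst, dport)

if __name__ == "__main__":
    samples = [  # constructed packets: (protocol, source, destination, dst port)
        ("tcp", "192.168.100.23", "203.0.113.10", 80),    # blocked host, web
        ("tcp", "192.168.100.23", "192.168.0.4", 80),     # blocked host, DMZ server
        ("tcp", "192.168.100.30", "203.0.113.10", 443),   # ordinary host
        ("tcp", "192.168.100.25", "203.0.113.10", 8080),  # blocked host, other port
    ]
    for pkt in samples:
        for where in ("Fa0/1 in", "Fa0/0 out"):
            print(pkt, where, "->", decision(*pkt, where))
```

The fourth sample shows that the list only stops TCP ports 80 and 443, so a restricted host can still reach a proxy on another port unless further entries are added.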
 