access list issues
11-07-2005 11:49 AM - edited 03-03-2019 12:42 AM
I am running a 3005 behind a router with a T1 WIC. My syslog box is showing traffic being denied by the ACL, although I thought I had it set up to allow any traffic to 66.89.100.69. The external of the 3005 is 66.89.100.69, which is being NATted to 10.236.47.230.
Below is my config.
!
interface Loopback0
 ip address 66.89.110.65 255.255.255.248
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.10
 encapsulation dot1Q 10
 ip address 10.236.47.253 255.255.240.0
 ip nat inside
!
interface Ethernet0/0.20
 encapsulation dot1Q 20
 ip address 10.236.63.240 255.255.240.0
 ip nat inside
!
interface Serial0/0
 bandwidth 1544
 ip address 67.106.46.14 255.255.255.252
 ip access-group sdm_s0/0_in in
 ip nat outside
 encapsulation ppp
 service-module t1 timeslots 1-24
!
interface Ethernet0/1
 ip address 10.0.3.240 255.255.255.0 secondary
 ip address 10.0.9.240 255.255.255.0
 ip nat inside
 shutdown
!
ip nat inside source static 10.236.47.230 66.89.100.69
ip nat inside source static 10.236.48.10 66.89.110.67
!
ip access-list extended sdm_s0/0_in
 permit tcp any eq 5080 host 10.0.1.75 log
 permit tcp any eq 5080 host 66.89.110.67 log
 permit tcp any eq 1099 host 66.89.110.67 log
 permit tcp any eq 1099 host 10.0.1.75 log
 permit ip host 161.165.202.24 any log
 permit ip host 161.165.202.26 any log
 permit ip host 161.165.202.28 any log
 permit ip host 161.165.202.25 any log
 permit ip host 161.165.202.27 any log
 permit ip host 161.165.202.29 any log
 permit tcp any host 10.236.47.230 log
 permit ip any host 10.236.47.230 log
 permit udp any host 10.236.47.230 log
 permit ip any host 66.89.100.69 log
 permit tcp any host 66.89.100.69 log
 permit udp any host 66.89.100.69 log
 deny ip any any log
 deny tcp any any log
logging facility auth
logging source-interface Ethernet0/0.10
logging 10.252.1.31
access-list 1 permit any
!
11-07-2005 01:16 PM
Adam
It certainly looks to me like the access list should permit traffic to the address since there are permit ip any host that include both its inside and outside format. The good news is that the deny statements include the log option. So there should be log messages which show information about what is denied. If you would post some of these log messages we might be able to find what is causing them to be denied.
HTH
Rick
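Added example, not part of the original thread: a minimal first-match evaluator over the ACL as posted, for checking which entry a logged packet would have hit once the deny log lines are available. The packet values are constructed, the function names are hypothetical, and the evaluator handles only the `any`/`host`/`eq` forms that appear in this ACL; it does not model NAT.

```python
import ipaddress

# The posted sdm_s0/0_in entries, in order (first match wins).
ACL = """\
permit tcp any eq 5080 host 10.0.1.75 log
permit tcp any eq 5080 host 66.89.110.67 log
permit tcp any eq 1099 host 66.89.110.67 log
permit tcp any eq 1099 host 10.0.1.75 log
permit ip host 161.165.202.24 any log
permit ip host 161.165.202.26 any log
permit ip host 161.165.202.28 any log
permit ip host 161.165.202.25 any log
permit ip host 161.165.202.27 any log
permit ip host 161.165.202.29 any log
permit tcp any host 10.236.47.230 log
permit ip any host 10.236.47.230 log
permit udp any host 10.236.47.230 log
permit ip any host 66.89.100.69 log
permit tcp any host 66.89.100.69 log
permit udp any host 66.89.100.69 log
deny ip any any log
deny tcp any any log
"""

def parse(line):  # 'action proto <any|host A> [eq P] <any|host A> [eq P] [log]'
    t, pos = line.split(), [2]
    def addr():
        if t[pos[0]] == "any":
            pos[0] += 1
            return None          # None means "matches any address"
        pos[0] += 2
        return ipaddress.ip_address(t[pos[0] - 1])
    def port():
        if pos[0] < len(t) and t[pos[0]] == "eq":
            pos[0] += 2
            return int(t[pos[0] - 1])
        return None              # None means "matches any port"
    return (t[0], t[1], addr(), port(), addr(), port())
RULES = [parse(l) for l in ACL.splitlines()]

def first_match(proto, src, sport, dst, dport):
    """Return (entry number, action) of the first entry the packet matches."""
    pkt = (ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport)
    for n, (action, rproto, *fields) in enumerate(RULES, 1):
        if rproto in ("ip", proto) and all(f is None or f == p for f, p in zip(fields, pkt)):
            return n, action
    return None, "deny"  # implicit deny at the end of every IOS ACL

if __name__ == "__main__":  # constructed packet from a documentation address
    print(first_match("tcp", "198.51.100.7", 40000, "66.89.100.69", 443))  # (14, 'permit')
```

Entry 17 (`deny ip any any`) already matches all IP traffic, so no packet can reach entry 18. Feeding the source, destination and ports from each syslog deny line into `first_match` shows whether that packet was addressed to one of the permitted hosts at all.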
