Hello..thanks for the look at the issue...so here is what I have:

OUTSIDE INTERFACE:

interface GigabitEthernet0/1
description SPECTRUM$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id GigabitEthernet0/1
ip access-group 101 in

This entry to let it in the ROUTER:

ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.0.34 32100 interface GigabitEthernet0/1 32100

My ORIGINAL ACL:  access-list 101 permit tcp host 192.168.0.34 eq 32100 any log    (Shows OPEN on port scan-ACCESS OK)

Your ACL:  access-list 101 permit tcp any host 192.168.0.3 eq 32100 log    (Shows FILTERED on port scan-NO ACCESS)

Thanks for the reply...TYPO on my part

Checked my config file and it is OK there

share

show ip access-list 

I run small lab and test the NAT with ACL
you need to for TCP permit to specify the Global NAT IP not Local NAT IP, and because the Global NAT IP is learn via DHCP so we cannot use static ip, instead I use any then in second ACL line I deny all TCP traffic.
this allow only 32100 and drop other TCP port.

 
interface GigabitEthernet0/1
description SPECTRUM$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id GigabitEthernet0/1
ip access-group 101 in <<-OK

This entry to let it in the ROUTER:

ip nat inside source list 1 interface GigabitEthernet0/1 overload <<-OK
ip nat inside source static tcp 192.168.0.34 32100 interface GigabitEthernet0/1 32100 <<-OK

access-list 101 permit tcp any any eq 32100 log 

access-list 101 deny tcp any any

Why we need Global not Local NAT IP ?
because of NAT order, here the NAT for ingress is come after ACL, so ACL need to include the Global IP.
since the Global via DHCP (dynamic) we need ANY.

Hi...

I already have a PAT entry as follows: 

  access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 192.168.0.0 0.0.0.255

Hello
So you already are using PAT then that server is "Hidden" plus it only going to be accessible via that particular PAT translation .
What you may want to implement is something like CBAC..

Basic CBAC

ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC icmp

access-list permit 101 permit tcp any any eq 32100
access-list 101 permit udp any any eq bootpc
access-list permit 101 deny ip any any

interface x/x
WAN
ip verify unicast source reachable-via rx access-list 100
ip access-group 101 in
ip inspect CBAC out 

I apologize for what seems my lack of contact about this problem you all have been helping me with...however I just got released from a rather lengthy stay at the VA Hospital.

I plan to get back to this problem and let you know where I am at with it.

Thank You.

So I am able toget back to this issue.

Paul I setup just like you wanted...the ports showed Filtered-But no access to my Network

So I tried these:

access-list 101 permit tcp any any eq xxxxxx log-All ports are WIDE OPEN, and I can access my network.

access-list 101 permit tcp any host xxx.xxx.x.xx eq xxxxxx log-All ports show as FILTERED-No access to my Network

access-list 101 permit tcp any eq xxxxxx any log-All ports show as FILTERED-No access to my Network

I have Attached my startup-config file

Thanks........

Hello David

CBAC will only return traffic through the router that was established internally, your acl 101 is quite large and tbh all the deny aces you show at the end of that acl are not really required as by default the acl has an implicit deny all.

Also, the acl is allowing a lot more traffic then you initially stated, you mention in your OP that certain traffic to be allowed to a specific server “.so it would JUST answer to that server” which I then assumed was based on a single pat now you show multiple static pat statements.
Can you elaborate a little more on what traffic you wish to be allowed to initiate sessions externally this should then provide a better understanding for all and obviously assist in a definitive solution for you.