I have a customer who is connecting remotely using VNC to a computer inside an office network that has a Cisco 827 connecting to the Internet. Previously the remote PC had a static IP address and I was using the following syntax to restrict access to this address:\r\n\r\naccess-list 101 permit tcp host 184.108.40.206 host 220.127.116.11 eq 5900\r\n\r\nwhere 18.104.22.168 is the remote static IP and 22.214.171.124 is the Cisco static IP and port 5900 is for VNC. I have another entry earlier it pinhole 5900 as follows:\r\n\r\nip nat inside source static tcp 192.168.1.6 5900 126.96.36.199 5900 extendable\r\n\r\nwhere 192.168.1.6 is the VNC host PC inside the office network.\r\n\r\nThe customer is now using a 3G card which can't get a static address. However they IP they get assigned is within an IP address range such that the first 2 octets are the same. ie 188.8.131.52 or 184.108.40.206. I entered the following line into the Cisco box but it isn't allowing access.\r\n\r\naccess-list 101 permit tcp host 220.127.116.11 host 18.104.22.168 eq 5900\r\n\r\nI figured the .0.0 should allow access to anyone connecting from 1.2.x.y. Can anyone please enlighten me on how to make this work?