yage - Thanks for posting your question on the forum!
Could you reply to this post with the configuration for us to review? Please remember to remove any sensitive information. There are several ways to configure this, but it would be easier to explain within the context of your configuration if we could take a look.
Please do not hesitate to let us know if you have any questions.
yage - I noticed that in the access-policy, the statement is this:
ip policy-class Private
discard list web-acl-70
allow list self self
nat source list wizard-ics interface gigabit-ethernet 0/1 overload
Since you are using the "discard" action, your ACL will need to be configured so that the hosts that you want to allow to connect to the TeamSpeak server are 'denied', while the users you want to block are 'permitted'. I realize this sounds counterintuitive, but since you used the "discard" action, the router will take that action on traffic "permitted" by the ACL you referenced. For example, if you only wanted host 192.168.1.1 to access the Teamspeak server from the LAN, then your ACL would look like such:
ip access-list extended web-acl-70
deny ip host 192.168.1.1 host xx.78.241.230
permit ip any host xx.78.241.230
This would allow 192.168.1.1 to access the server but block all other users from accessing that IP.
I hope that answers your question but please do not hesitate to let us know if you have any further questions.
Thanks Noor - that did the trick.
It makes sense; if I used policy action allow I would then deny ip any host xx.78.241.230.
I marked your answer as Correct