jgard - I branched your question to a new topic.
The rule would need to be applied to the access-policy/security zone that is assigned to your LAN interface. The ACL would look something like this:
ip access-list ext Web_Filter
permit tcp host 10.7.32.249 any eq www
ip policy-class Private
nat source list Web_Filter interface ppp 1 overload
Since internet traffic from your LAN must be NATted to get out to the internet, by restricting which traffic we NAT, we can restrict which hosts can get out to the internet. Let us know if you have any questions.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.