FastEthernet4 is the routable LAN port, and the access list would indeed work here. But for ports 0 thru 3, since these are layer 2 only ports, the access list likely doesn´t work. I do not have an 851 router available to test this, so my apologies if I might be off here, but I am thinking of the following:
switchport access vlan 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
access-group 101 in
bridge 2 protocol ieee
bridge 2 route ip
So, basically, the FastEthernet0 is bound to BVI2, which is a virtual layer 3 interface, and to which you should be able to apply the access list. Just make sure that the IP address of the client uses the IP address of BVI2 as its default gateway (and has an IP address in the same subnet).
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...