glad to see you got it working! as you may know, it is a good practice to explicit deny everything after all your "permits" on the inbound access list. What I meant, in plain english is to put:
access-list 101 deny ip any any
Exactly on place you had:
access-list 101 permit ip any any
**edit was to further clarify**--
All Is possible...