
ACL or NAT for External Interface

I am currently doing some testing on a 2621 router that will help me make our production routers more secure. Here is my scenario: a 2621 router with dual FE interfaces; the main purpose of this router is to provide internet access to internal users, and to allow access to an internal web server running on a non-standard HTTP port. My current running-config is this:

interface FastEthernet0/0
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
duplex auto
speed auto
!
! PAT: translate inside hosts matched by ACL 100 to the Fa0/0 address
ip nat inside source list 100 interface FastEthernet0/0 overload
! Static port forward: outside-address:8081 -> 192.168.1.10:8081
ip nat inside source static tcp 192.168.1.10 8081 interface FastEthernet0/0 8081
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip classless
!
!
access-list 1 permit 192.168.1.11
access-list 1 permit 192.168.1.10
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

!
!
end
So my question is: what is more secure, the above IP NAT configuration, or should I set up ACLs with CBAC, PAM, and inspection rules that permit outgoing internet traffic and restrict incoming traffic to the web server 192.168.1.10 only? I am running IOS 12.3(1).
Thanks for any advice.

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
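As an added illustration (not part of the original post) of the ACL plus CBAC approach the question asks about, here is the kind of configuration that would sit alongside the NAT statements above. The inspection rule name FW and access-list number 101 are chosen here, not taken from the post; the outside address is left as "any" because Fa0/0 is a DHCP client.

```cisco
! Added example, not from the original post. Assumes the existing NAT
! statements stay in place; FW and ACL 101 are names chosen for this example.
!
! CBAC inspection rules: sessions started from the inside get temporary
! return-traffic entries punched through the inbound ACL on Fa0/0.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
! Inbound filter on the outside interface. On Fa0/0 the inbound ACL is
! evaluated before NAT undoes the static translation, so the destination
! is the router's own outside address; with "ip address dhcp" that address
! is not fixed, hence "any". Only port 8081 is mapped by the static NAT,
! so this entry reaches nothing but 192.168.1.10:8081.
access-list 101 remark anti-spoof: drop packets claiming an inside source
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any log
access-list 101 remark DHCP client replies for Fa0/0 (server port 67 -> client port 68)
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 remark published web server, non-standard port only
access-list 101 permit tcp any any eq 8081
access-list 101 remark everything else is dropped and logged; CBAC adds return entries dynamically
access-list 101 deny   ip any any log
!
interface FastEthernet0/0
 ip access-group 101 in
!
interface FastEthernet0/1
 ! inspect traffic entering from the LAN so its replies are allowed back in
 ip inspect FW in
```

After applying this, "show ip inspect sessions" lists the dynamic entries CBAC has opened, and the log entries from ACL 101 show what the static filter is dropping.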