I have 3 servers subnetted to a hub connected to fa 0/0 of a router. I will
use xxx to denote the network parts of the addresses.
I'm trying to restrict access on any ip protocol to server 3
xxx.xxx.xxx.128-255 from computers an a remote network with ip adresses
xxx.xxx.xxx.16-255 but still allow access to the other 2 servers on the
subnet.

I have tried:

access-list 100 deny xxx.xxx.xxx.16 0.0.0.255 xxx.xxx.xxx.128 0.0.0.127
access list 100 permit any
int fa 0/0
ip access group 100 out

and many variations of this but it ends up blocking access to all three
servers instead

I then have to give hosts (on 2 different subnets to the servers but
connecting to the same router) with /24 ip addresses with the last octet
<128 access to all three servers.

If anyone can point out where I'm going wrong with my ACL it would be much
appreciated because i've been racking my brains for the last 3 days trying
to figure out how to do it.

Thanks in advace