I have a couple of questions about this simple ACL:
access-list 101 permit ip host 192.168.1.1 any
1) Will this ACL block ICMP requests coming from any hosts other than 192.168.1.1 (because of the implicit deny any any)?
2) If this ACL is implemented outbound on an interface, it will supposedly block any "pass-through" traffic not sourced from 192.168.1.1. Therefore ICMP requests sourced from 192.168.1.1 to a remote host through the ACL will be permitted. This outbound ACL should not have any effect on the ICMP replies coming back through the interface (no inbound ACLs applied), so ICMP replies will be successfully received by 192.168.1.1, right?
I had a scenario where icmp replies weren't being recieved, and debugs on the downstream router said that the replies were being "administraivly prohibited", even though there weren't any inbound ACLs on the local router. (Also no ACLS on the downstream) I don't understand why this happened?
Is this a new IOS feature or something (using 12.4)? Any help is appreciated!