大家好。

我想要做的是拒绝 12.12.12.0 网络的 ping 访问以到达 10.10.10.0 网络，但不拒绝 ping 访问以从 10.10.10.0 网络到达 12.12.12.0 网络。所以基本上 PC2 和 PC3 不能 ping PC0 和 PC1 但 PC0 和 PC1 可以或相反。

到目前为止，这是我尝试做的，但没有成功。它要么阻止来自双方的 ping，要么允许它。

Router#show run
Building configuration...

Current configuration : 1328 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip access-group 101 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial1/0
 ip address 11.11.11.1 255.255.255.0
 ip access-group 101 in
!
interface Serial1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/2
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/3
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/4
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/5
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/6
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial1/7
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 10.0.0.0
 network 11.0.0.0
 network 12.0.0.0
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 permit icmp host 12.12.12.3 10.10.10.0 0.0.0.255
access-list 101 permit icmp 10.10.10.0 0.0.0.255 any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end