
I'd like to ask a question about ACLs.
The setup I'm trying to achieve is to keep C away from D.
On D, using an advanced ACL, I set the source IP to C's equipment IP and the destination IP to D's equipment IP, and denied it.
I applied it inbound on two links on the D device.
I checked that the ping does not go from device C to device D. D still has to reach C normally, so I also checked the ping from D, and the ping did not go to C.
So I asked around and looked into it, and I applied an icmp icmp-type echo-reply rule on the ACL.
I applied echo-reply, but this time I couldn't ping even A or B.
Do you happen to know what the problem is?
Here is my config:
Device "D"
#
acl number 3000
description ### Tech_Team OP_Team ###
rule 5 permit icmp icmp-type echo-reply
rule 10 deny ip source 172.23.62.36 0 destination 172.23.62.68 0
rule 15 permit ip
#
traffic classifier tc operator and
if-match acl 3000
#
traffic behavior tb
deny
statistic enable
#
traffic policy tp
classifier tc behavior tb
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 64
stp disable
traffic-policy tp inbound
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 64
stp disable
traffic-policy tp inbound
#
ip route-static 0.0.0.0 0.0.0.0 172.23.62.65 // A,B vlan 64 VIP
=========================================================================
Device C
#
interface Vlanif63
ip address 172.23.62.36 255.255.255.224
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 63
stp disable
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 63
stp disable
#
smart-link group 1
protected-vlan reference-instance 2
restore enable
smart-link enable
port GigabitEthernet0/0/1 master
port GigabitEthernet0/0/2 slave
#
ip route-static 0.0.0.0 0.0.0.0 172.23.62.33 // A,B vlan 63 VIP
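
Added example, not part of the original post: a small first-match evaluator for the three rules of ACL 3000 as posted, run over constructed packets, showing which rule each packet arriving at D hits. It models only the stateless rule-matching order of the ACL, not what the traffic policy's behavior then does with matched packets; the function names and packet dictionaries are hypothetical.

```python
import ipaddress

# ACL 3000 rules exactly as posted for device D.
ACL_3000 = """\
rule 5 permit icmp icmp-type echo-reply
rule 10 deny ip source 172.23.62.36 0 destination 172.23.62.68 0
rule 15 permit ip
"""
C, D = "172.23.62.36", "172.23.62.68"  # addresses taken from the post

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3],
            "icmp_type": None, "source": None, "destination": None}
    i = 4
    while i < len(tok):
        if tok[i] == "icmp-type":
            rule["icmp_type"] = tok[i + 1]
            i += 2
        elif tok[i] in ("source", "destination"):
            # A wildcard of "0" is shorthand for 0.0.0.0: match this one host.
            wild = 0 if tok[i + 2] == "0" else _ip(tok[i + 2])
            rule[tok[i]] = (_ip(tok[i + 1]), wild)
            i += 3
        else:
            raise ValueError(f"unsupported keyword: {tok[i]}")
    return rule

def _addr_ok(cond, addr):
    if cond is None:                      # no address condition on this rule
        return True
    base, wild = cond
    care = ~wild & 0xFFFFFFFF             # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def first_match(rules, pkt):
    """Return (rule id, action) of the first rule the packet hits, else None."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if r["icmp_type"] and r["icmp_type"] != pkt.get("icmp_type"):
            continue
        if _addr_ok(r["source"], pkt["src"]) and _addr_ok(r["destination"], pkt["dst"]):
            return r["id"], r["action"]
    return None

RULES = [parse_rule(line) for line in ACL_3000.splitlines()]
```

Because the ACL is evaluated per packet with no connection state, C's echo-reply to a ping that D started is itself a packet with source C and destination D: without rule 5 it hits rule 10, with rule 5 it hits rule 5 first.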