I just labbed this up again, just in case I’m not losing my mind 
On Cisco VIRL, it’s also not working for me. I can ping between R3 and R1 without issues and I don’t get any hits on my access-lists.
On my older 2800 routers running IOS 15.1(4)M10 it’s working though:
R1#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M10, RELEASE SOFTWARE (fc2)Let’s enable a debug on R2:
R2#debug ip packet
IP packet debugging is onTry a ping from R3:
R3#ping 192.168.13.1 repeat 1000 timeout 0R2 drops them:
R2#show access-lists R3-TO-R1
Extended IP access list R3-TO-R1
10 deny ip any any (1027 matches)Ping from R1:
R1#ping 192.168.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msThis is traffic that R2 inspects:
R2#show ip inspect sessions
Established Sessions
Session 49BFA068 (192.168.13.1:8)=>(192.168.13.3:0) icmp SIS_OPENRene