Was knocking my head against a brick wall trying to configure an ACE for management for a couple of days. Turns out, it does not permit ICMP to it by default.
This is a good place to start:
So you need to configure a class map classifying ICMP traffic from specific sources as being interesting, a policy map referencing the class map, an action for matching traffic and then apply that using the “service-policy” command to the interface you want to permit traffic to.
Everything is well as long as it’s only management traffic you want to permit to this address.