Question : request following access between VLANs

I have a Cisco 3560 switch, and we have the following request:
There are 2 VLANs: VLAN1 is 192.168.1.1/24 and VLAN2 is 192.168.2.1/24. My request is that all computers in VLAN1 can access VLAN2.
All computers in VLAN2 cannot access VLAN1, but there is a server in VLAN2, 192.168.2.100, that is permitted to access all of VLAN1.
I tried it via vlan access-map, but it doesn't work; the configuration is below:

vlan access-map vac2
 action forward
 match ip address acl2

vlan filter vac2 vlan-list 2

ip access-list extended acl2
 permit ip host 192.168.2.100 any
 permit ip any host 192.168.2.100

After this I tested it via ping; pinging from 192.168.2.100 to VLAN1 and from VLAN1 to 192.168.2.100 works, but for example there is another server in VLAN2, 192.168.2.99, and my request is:
ping from VLAN1 to 192.168.2.99 works
ping from 192.168.2.99 to a computer in VLAN1 doesn't work
How can I do that? Maybe vlan access-map cannot do it?

Thanks

Answer : request following access between VLANs

The established keyword indicates that packets belong to an existing connection if the Transmission Control Protocol (TCP) datagram has the Acknowledgment (ACK) or Reset (RST) bit set.

See the example below:

interface vlan 20
description Vlan 20 interface
ip address 192.168.20.1 255.255.255.0
ip access-group 100 in

interface vlan 10
description Vlan 10 interface
ip address 192.168.10.1 255.255.255.0

! applied "in" on interface vlan 20, so the packets evaluated are those sent by
! VLAN 20 hosts: source is 192.168.20.0/24 and destination is 192.168.10.0/24
access-list 100 permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
The above command will do the following:

1) permit any TCP traffic coming from the VLAN 10 network to 192.168.20.0
2) deny any TCP traffic initiating from 192.168.20.0 to VLAN 10
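The answer's ACL covers TCP only, while the question tests with ping and also needs the 192.168.2.100 exception. The following is an added example, written for this thread and not posted by either participant: a small Python model of Cisco first-match ACL evaluation (wildcard masks, the established qualifier, implicit deny) that runs the question's own scenarios through an ACL applied inbound on the VLAN2 SVI. The client address 192.168.1.10 and the helper names (wildcard_match, evaluate, asker_tests) are assumptions of this example.

```python
import ipaddress

# Added model of Cisco extended-ACL matching; not a reproduction of a real device.
# The ACL below is meant for "ip access-group ... in" on interface vlan 2, so the
# packets it sees are those SENT BY VLAN2 hosts: source = 192.168.2.0/24 side.

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (b | w)

# (action, protocol, src, src_wildcard, dst, dst_wildcard, qualifier)
# qualifier: None, "established" (TCP with ACK or RST set) or an ICMP message type.
ACL_VLAN2_IN = [
    # asker's exception: server 192.168.2.100 may reach anything in VLAN1
    ("permit", "ip", "192.168.2.100", "0.0.0.0", "192.168.1.0", "0.0.0.255", None),
    # answer's idea: only replies to TCP sessions that VLAN1 opened
    ("permit", "tcp", "192.168.2.0", "0.0.0.255", "192.168.1.0", "0.0.0.255", "established"),
    # 'established' is TCP-only; the asker tests with ping, so echo replies need a line
    ("permit", "icmp", "192.168.2.0", "0.0.0.255", "192.168.1.0", "0.0.0.255", "echo-reply"),
]

def evaluate(acl, proto, src, dst, tcp_flags=(), icmp_type=None):
    """Return 'permit' or 'deny' for one packet under first-match semantics."""
    for action, p, s, swc, d, dwc, qual in acl:
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc)):
            continue
        if qual == "established" and not ({"ACK", "RST"} & set(tcp_flags)):
            continue
        if qual not in (None, "established") and qual != icmp_type:
            continue
        return action
    return "deny"  # implicit deny at the end of every Cisco ACL

def asker_tests():
    """Constructed packets for the question's cases, as seen inbound on VLAN2."""
    pc, s99, s100 = "192.168.1.10", "192.168.2.99", "192.168.2.100"
    return {
        "2.99 answers a TCP session from VLAN1": evaluate(ACL_VLAN2_IN, "tcp", s99, pc, ("ACK",)),
        "2.99 opens a TCP session to VLAN1": evaluate(ACL_VLAN2_IN, "tcp", s99, pc, ("SYN",)),
        "2.99 answers a ping from VLAN1": evaluate(ACL_VLAN2_IN, "icmp", s99, pc, (), "echo-reply"),
        "2.99 pings VLAN1": evaluate(ACL_VLAN2_IN, "icmp", s99, pc, (), "echo"),
        "2.100 pings VLAN1": evaluate(ACL_VLAN2_IN, "icmp", s100, pc, (), "echo"),
    }

if __name__ == "__main__":
    for case, verdict in asker_tests().items():
        print(f"{verdict:6} {case}")
```

Keep in mind that `established` only inspects flag bits, not connection state: any VLAN2 packet with ACK or RST set passes, so this is coarse isolation rather than a stateful firewall.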

