Retiring subnet 172.16.24.x 255.255.252.0 in phases, moving devices to 172.17.24.0 255.255.252.0. Current phase - move Messaging server devices. Senior stating that currently proposed command set for move does not make sense in terms of subnet masks for given ACL's. I am not understanding given existing config appears to utilize same subnet mask. I submitted below change outline based upon existing config that is in attachment. Any thoughts?

section (names)

name 172.17.24.126 chints1

name 172.17.24.127 chints2

name 172.17.24.134 chiapp1

section (access-list acl-dmz1)

command set to be used

access-list acl-dmz1 linenumber extended deny tcp host nantsgw4 172.17.0.0 255.240.0.0 eq www

access-list acl-dmz1 linenumber extended permit tcp host nantsgw4 172.17.0.0 255.240.0.0 eq lotusnotes

access-list acl-dmz1 linenumber extended deny tcp host chibry1 172.17.0.0 255.240.0.0 eq 3101

access-list acl-dmz1 linenumber extended deny tcp host chibry2 172.17.0.0 255.240.0.0 eq 3101

section (access-list acl-dmz4)

command set to be used

access-list acl-dmz4 extended permit tcp 172.16.0.0 255.240.0.0 172.17.0.0 255.240.0.0 object-group Permit-Inbound-Remote-Internal-TCP

access-list acl-dmz4 extended permit udp 172.16.0.0 255.240.0.0 172.17.0.0 255.240.0.0 object-group Permit-Inbound-Remote-Internal-UDP