Retiring subnet 172.16.24.x 255.255.252.0 in phases, moving devices to 172.17.24.0 255.255.252.0. Current phase - move Messaging server devices. Senior stating that currently proposed command set for move does not make sense in terms of subnet masks for given ACLs. I am not understanding, given existing config appears to utilize same subnet mask. I submitted below change outline based upon existing config that is in attachment. Any thoughts?
section (names)
name 172.17.24.126 chints1
name 172.17.24.127 chints2
name 172.17.24.134 chiapp1
section (access-list acl-dmz1)
command set to be used
access-list acl-dmz1 linenumber extended deny tcp host nantsgw4 172.17.0.0 255.240.0.0 eq www
access-list acl-dmz1 linenumber extended permit tcp host nantsgw4 172.17.0.0 255.240.0.0 eq lotusnotes
access-list acl-dmz1 linenumber extended deny tcp host chibry1 172.17.0.0 255.240.0.0 eq 3101
access-list acl-dmz1 linenumber extended deny tcp host chibry2 172.17.0.0 255.240.0.0 eq 3101
section (access-list acl-dmz4)
command set to be used
access-list acl-dmz4 extended permit tcp 172.16.0.0 255.240.0.0 172.17.0.0 255.240.0.0 object-group Permit-Inbound-Remote-Internal-TCP
access-list acl-dmz4 extended permit udp 172.16.0.0 255.240.0.0 172.17.0.0 255.240.0.0 object-group Permit-Inbound-Remote-Internal-UDP
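
An added example, not part of the original post: a check of each address/mask pair in the proposed lines, showing whether the address sits on the boundary its mask defines and which range the pair actually matches. It uses Python's `ipaddress` module and does pure address arithmetic; the function names are hypothetical and it does not model how any particular firewall accepts or rewrites such entries.

```python
import ipaddress

# Two lines copied from the post's proposed command set (hostnames left as posted).
PROPOSED = [
    "access-list acl-dmz1 linenumber extended deny tcp host nantsgw4 172.17.0.0 255.240.0.0 eq www",
    "access-list acl-dmz4 extended permit tcp 172.16.0.0 255.240.0.0 172.17.0.0 255.240.0.0 "
    "object-group Permit-Inbound-Remote-Internal-TCP",
]
# Old and new device subnets as stated in the post.
OLD_SUBNET = ipaddress.ip_network("172.16.24.0/255.255.252.0")
NEW_SUBNET = ipaddress.ip_network("172.17.24.0/255.255.252.0")

def is_dotted_quad(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def address_mask_pairs(line):
    """Yield (address, mask) for each adjacent pair of dotted quads in an ACL line."""
    tokens = line.split()
    i = 0
    while i < len(tokens) - 1:
        if is_dotted_quad(tokens[i]) and is_dotted_quad(tokens[i + 1]):
            yield tokens[i], tokens[i + 1]
            i += 2
        else:
            i += 1

def check_pair(addr, mask):
    # strict=False clears the host bits, giving the network the pair really denotes.
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return {
        "as_written": f"{addr} {mask}",
        "aligned": str(net.network_address) == addr,  # False: host bits set in addr
        "effective": f"{net.network_address} {net.netmask}",
        "range": (str(net.network_address), str(net.broadcast_address)),
        "covers_old": OLD_SUBNET.subnet_of(net),
        "covers_new": NEW_SUBNET.subnet_of(net),
    }

def audit(lines):
    return [check_pair(a, m) for line in lines for a, m in address_mask_pairs(line)]

if __name__ == "__main__":
    for result in audit(PROPOSED):
        print(result)
```

With mask 255.240.0.0 the pair written as 172.17.0.0 is not on a network boundary and resolves to the same 172.16.0.0 to 172.31.255.255 range as the 172.16.0.0 entry, so it matches the subnet being retired as well as the new one.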