I have an application that is getting blocked by the Trend Micro CSC under the http class map. I need it to ignore http traffic from a 172.16.1.0/24, and allow all else. I haven't worked with class maps much, but my thinking is an ACL with the IP subnet, and a match statement under the class map, but where I have the question is, will the ACL be
permit ip 172.16.1.0 255.255.255.0 any
deny ip any any
or the other way around?
deny ip 172.16.1.0 255.255.255.0 any
permit ip any any