Oh wow I did not know I could do objects like that. 
How interesting I had assumed I would need some sort of port forwarding/NAT for it(outside) to know where to send the data to the .55 PS5, but the object group network/service does that. 
And you did get the idea I believe this is exactly what I was seeking.  I have not applied it yet but will as soon as I can.

thank you 

The other access-lists you have configured will need to be examined and re-written with objects if it makes sense.

You mean if I So choose? Everything else at the is point is using simple port here and there… I suppose like my email server instead of having 2 I could create an object for that to consolidate as well but currently not sure what else I would need to rewrite. 

Yes, if you choose to do it, we can have a look at the classical ACL's. 

To be honest, I'm not sure what is the benefit. You will have smaller ACL's using object-groups, but the info regarding yje ports will move from the ACL to the oblect-group. Ok if you would have 20 or 30 hosts using 10 or15 ports each, I could see the benefit, but in your case it's not that big of a difference.

Curious;

If said PS5 did not have a static IP and it randomly changes, being that the PS5 first initiates outgoing connection in order to receive incoming, is there a way to open those ports generically to the 192.168.5.0 Network where the PS5 resides and then would be open to whichever source LAN IP started connections?

The only way to open the ports generically is to configure a static NAT, but you don't need to do that if the traffic is originating from the inside.

I wonder then if when the PS5 initiates it's Internet connectivity if it already allows incoming without ACL/NAT through that tunnel?

In truth I am not really sure what that means

So for now I will assume that if the PS5 ‘outbound’ connects to Internet based services such as voice chat, score keeping and server finding that the Window is now open and anything ‘inbound’ replying to those services even in other ports not initiated by the ‘outbound’ PS5 will be allowed without and ACL or NAT.

But my Email Server, for example, being that ‘incoming’ emails happen without an initiation from ‘outbound’ I’d still need a NAT entry so that the Router knows which LAN IP to send to as well as an ACL to allow random incoming connections on email ports. 

---

@TheGoob wrote:

In truth I am not really sure what that means

So for now I will assume that if the PS5 ‘outbound’ connects to Internet based services such as voice chat, score keeping and server finding that the Window is now open and anything ‘inbound’ replying to those services even in other ports not initiated by the ‘outbound’ PS5 will be allowed without and ACL or NAT.

I'm not sure why you are asking "without and ACL or NAT". In fact you have NAT configured - your PS5 IP address is a private RFC1918 address which is not routable on the Internet. In order for your PS5 to get to services like voice chat, score keeping and server finding, you are translating the private IP address of the PS5 to a public, routable, address. This is done by the ISR, which translates the private 192.168.x.0 addresses in your network to either one of the 8 public IP addresses you got from your ISP or the IP address of the Dialer1 interface.

And yes, in this case, as soon as the first IP packet from your PS5 gets translated, the ISR stores an entry in the NAT table to enable the return traffic to be translated back to the IP address of the PS5. This happens because in this case the traffic originates from the inside lan.

But my Email Server, for example, being that ‘incoming’ emails happen without an initiation from ‘outbound’ I’d still need a NAT entry so that the Router knows which LAN IP to send to as well as an ACL to allow random incoming connections on email ports. 

---

In this case the source traffic, a mail server that wants to send you a mail message, only knows your external IP address - the one you configured in your DNS as the MX record. For this type of traffic you need a static NAT to allow the outside mail server reach your inside/dmz host which by the way has also a private IP address.

Correct, what I meant was a specific NAT in addition to the original ones I have. More specifically I was not sure that, when dealing with incoming connections from WAN to Specific LAN, I would need a NAT rule as in like a Port Forwarding. 
like I have my NAT WAN to LAN for my 192.168.1.0 (Email WAN and LAN) but also a NAT Entry routing incoming 993 to specific 192.168.1.180 on top of the NAT rule I have associating Network to WAN. 

Yes, you need different types of nat depending on the direction of the traffic - inside to outside or outside to inside.