I have configured a cisco firewall asa(in packet tracer)  to allow only modbus tcp port 502 to go though the firewall from 4 inside client (172.16.0.1-172.16.0.4)  to outside server by writing acl and then auto natting.Is this configuration correct??how can i check that only port 502 is through and rest ports are blocked in packet tracer??(Inside port of firewall is et0/0 on vlan1 and out port is et0/1 on vlan2)

 hostname ciscoasa
domain-name sh
passwd 4IncP7vTjpaba2aF encrypted
names
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 172.16.0.55 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.201.25 255.255.255.0
!
object network mod_ether
subnet 172.16.0.0 255.255.255.248
!
!
access-list tg_dcs extended permit tcp host 172.16.0.1 eq 502 any
access-list tg_dcs extended permit tcp host 172.16.0.2 eq 502 any
access-list tg_dcs extended permit tcp host 172.16.0.3 eq 502 any
access-list tg_dcs extended permit tcp host 172.16.0.4 eq 502 any
access-list tg_dcs extended permit icmp any any
!
!
access-group tg_dcs in interface outside
object network mod_ether
nat (inside,outside) dynamic interface
!
!
!
username admin password pqrZ2iqRGgDD9cbU encrypted
!
!
!
!
telnet 172.16.0.0 255.255.248.0 inside
telnet 172.16.0.1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5