Reading the documentation, I noticed that to create an access-list for policy NAT (dynamic or static) I MUST use the eq operator when defining TCP or UDP ports.
I created an ACL for dynamic NAT and dynamic PAT with the gt and range operators, and it works correctly.
(sh nat)
dynamic translation to pool 1 (192.168.251.200)
translate_hits = 0, untranslate_hits = 0
match tcp inside 172.19.90.0 255.255.255.0 range 1024 65535 dmzt1 host 192.168.251.11 eq 80
My question is: is it correct to specify source and destination ports with all operators in an ACL defined for policy-nat? In the official docs only the eq operator is specified. I think the ACL only indicates traffic selection, and it's correct to specify other operators. What do you think?