Channel: IEOC - INE's Online Community

ASA Object-Group Access-Lists


In this lab you create three different service object groups using two different methods. I am wondering if there is a difference in the behavior between the two. I am guessing no. The first method seems to offer a bit more flexibility, as it allows you to use the group as a source or destination port. But to me they seem the same.


object-group service TELNET tcp
 port-object eq 23
!
object-group service TFTP udp
 port-object eq 69
!
object-group service OTHER_PORTS
 service-object tcp destination eq 21
 service-object udp destination eq 123
!
access-list VLAN29_INBOUND extended permit tcp object-group R2 object-group ALL_DESTINATIONS object-group TELNET
access-list VLAN29_INBOUND extended permit udp object-group R2 object-group ALL_DESTINATIONS object-group TFTP
access-list VLAN29_INBOUND extended permit object-group OTHER_PORTS object-group R2 object-group ALL_DESTINATIONS


I further simplified the ACL such that there is only one ACE. I feel it still meets all the requirements though.

I have read that in the lab it is best to write ACLs in the fewest lines possible.



ASA2(config-service-object-group)# show run object-group
object-group network R2
network-object host 150.1.11.11
network-object 136.1.29.0 255.255.255.0
object-group network SUBNET
network-object 136.1.19.0 255.255.255.0
network-object 136.1.26.0 255.255.255.0
object-group network R1_LOOPBACK0
network-object 150.1.1.1 255.255.255.255
object-group service OTHER_PORTS
service-object tcp destination eq ftp
service-object udp destination eq ntp
object-group service TASK_SERVICES
service-object object TELNET
service-object object TFTP
group-object OTHER_PORTS
object-group network ALL_DST
group-object R2
group-object SUBNET
object-group service TELNET-OBJ tcp
port-object eq telnet
ASA2(config-service-object-group)# show run access-list
access-list VLAN49_IN extended permit object-group TASK_SERVICES object-group R2 object-group ALL_DST
ASA2(config-service-object-group)# show run object
object network R2-LO1
host 150.1.11.11
object network VLAN29
subnet 136.1.29.0 255.255.255.0
object service TELNET
service tcp destination eq telnet
object service TFTP
service udp destination eq tftp
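To check whether the two styles match the same traffic, the added example below (my own code, not from the post and not Cisco's) expands each ACL the way the ASA does internally: every object-group ACE becomes one concrete (protocol, source, destination, destination port) tuple per combination, and the two resulting sets are compared. It assumes the ALL_DESTINATIONS group from the first config contains the same R2 and SUBNET groups as ALL_DST, since the post does not show its definition, and it only models the `eq` forms used in the post. On a real box, `show access-list` prints the expanded ACEs with hit counts and is the authoritative check.

```python
"""Expand ASA object-group ACEs into the concrete (protocol, source, destination,
destination-port) tuples they match, so two ACL styles can be compared.

Added example, not ASA code: a simplified model of the expansion the ASA does
itself (visible with 'show access-list'). Only the 'eq' forms used in the post
are modelled; 'range', 'neq', source-port matching and protocol-only service
objects are not.
"""

PORT_NAMES = {"telnet": 23, "tftp": 69, "ftp": 21, "ntp": 123}


def port_num(tok):
    """Accept a number or one of the service names that appear in the post."""
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]


def parse(config):
    """Return (network_table, service_table, ace_token_lists).

    Objects and object-groups share one table per type here; the ASA keeps
    them in separate namespaces, so avoid same-named object/group pairs.
    """
    net, svc, aces = {}, {}, []
    cur, cur_proto = None, None
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0] == "!":
            continue
        if t[0] in ("object", "object-group"):
            table = net if t[1] == "network" else svc
            cur = table.setdefault(t[2], [])
            # port-object groups carry the protocol on the group line
            cur_proto = t[3] if len(t) > 3 else None
        elif t[0] == "access-list":
            aces.append(t)
        elif t[0] == "host":
            cur.append(("net", t[1], "255.255.255.255"))
        elif t[0] == "subnet":
            cur.append(("net", t[1], t[2]))
        elif t[0] == "network-object":
            if t[1] == "host":
                cur.append(("net", t[2], "255.255.255.255"))
            else:
                cur.append(("net", t[1], t[2]))
        elif t[0] == "group-object" or (t[0] == "service-object" and t[1] == "object"):
            cur.append(("ref", t[-1]))  # nested group or referenced object
        elif t[0] == "port-object":
            # protocol comes from the enclosing group; tcp-udp means both
            protos = ("tcp", "udp") if cur_proto == "tcp-udp" else (cur_proto,)
            for p in protos:
                cur.append(("svc", p, port_num(t[-1])))
        elif t[0] in ("service-object", "service"):
            # service-object tcp destination eq 21 / service udp destination eq tftp
            cur.append(("svc", t[1], port_num(t[-1])))
    return net, svc, aces


def flatten(table, name):
    """Recursively resolve nested references into a flat set of entries."""
    out = set()
    for entry in table[name]:
        if entry[0] == "ref":
            out |= flatten(table, entry[1])
        else:
            out.add(entry[1:])
    return out


def expand_ace(t, net, svc):
    """Cross-product one ACE into (proto, (src, mask), (dst, mask), dport) tuples."""
    body = t[4:]  # tokens after: access-list NAME extended permit
    if body[0] in ("object", "object-group"):
        services = flatten(svc, body[1])  # service group supplies proto and port
        body = body[2:]
    else:
        proto, services, body = body[0], None, body[1:]
    src, dst = flatten(net, body[1]), flatten(net, body[3])
    if services is None:
        # port-object group in the destination-port position; the ACE supplies the protocol
        services = {(p, port) for p, port in flatten(svc, body[5]) if p == proto}
    return {(p, s, d, port) for p, port in services for s in src for d in dst}


def expand_acl(config):
    """Union of the expansions of every ACE in the config text."""
    net, svc, aces = parse(config)
    rules = set()
    for t in aces:
        rules |= expand_ace(t, net, svc)
    return rules


# Constructed from the post's first config; ALL_DESTINATIONS is assumed (not shown there).
CONFIG_THREE_ACES = """
object-group network R2
 network-object host 150.1.11.11
 network-object 136.1.29.0 255.255.255.0
object-group network SUBNET
 network-object 136.1.19.0 255.255.255.0
 network-object 136.1.26.0 255.255.255.0
object-group network ALL_DESTINATIONS
 group-object R2
 group-object SUBNET
object-group service TELNET tcp
 port-object eq 23
object-group service TFTP udp
 port-object eq 69
object-group service OTHER_PORTS
 service-object tcp destination eq 21
 service-object udp destination eq 123
access-list VLAN29_INBOUND extended permit tcp object-group R2 object-group ALL_DESTINATIONS object-group TELNET
access-list VLAN29_INBOUND extended permit udp object-group R2 object-group ALL_DESTINATIONS object-group TFTP
access-list VLAN29_INBOUND extended permit object-group OTHER_PORTS object-group R2 object-group ALL_DESTINATIONS
"""

# Constructed from the post's single-ACE config (unused TELNET-OBJ group omitted).
CONFIG_ONE_ACE = """
object service TELNET
 service tcp destination eq telnet
object service TFTP
 service udp destination eq tftp
object-group network R2
 network-object host 150.1.11.11
 network-object 136.1.29.0 255.255.255.0
object-group network SUBNET
 network-object 136.1.19.0 255.255.255.0
 network-object 136.1.26.0 255.255.255.0
object-group network ALL_DST
 group-object R2
 group-object SUBNET
object-group service OTHER_PORTS
 service-object tcp destination eq ftp
 service-object udp destination eq ntp
object-group service TASK_SERVICES
 service-object object TELNET
 service-object object TFTP
 group-object OTHER_PORTS
access-list VLAN49_IN extended permit object-group TASK_SERVICES object-group R2 object-group ALL_DST
"""


def acls_equivalent(config_a, config_b):
    """True when both ACLs expand to exactly the same set of concrete rules."""
    return expand_acl(config_a) == expand_acl(config_b)


if __name__ == "__main__":
    a, b = expand_acl(CONFIG_THREE_ACES), expand_acl(CONFIG_ONE_ACE)
    print(len(a), "rules vs", len(b), "rules; equivalent:", a == b)
    for rule in sorted(a - b) + sorted(b - a):
        print("only in one ACL:", rule)
```

The diff loop at the end is the useful part in practice: when two ACLs are not equivalent it lists exactly which (protocol, source, destination, port) combinations one permits and the other does not, which is much easier to read than eyeballing nested groups.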
