The first one indicates that the packet from 10.10.10.10 will come with a source port 80. Since TCP connection start with a random source port, the ACL mostlikely is not going to be hit. In case of a Router, where they are more packet wise than connections, it may work, but for an ASA it wont, because a connection needs to be established prior a response on well known port is received.
The second one is more common, it usually allows connection to well known ports for the first SYN packet (in case of TCP connections). That will allow a connection establishment on the ASA firewall, then the return packets will be allowed preventing you the need of configuring ACLs with source ports.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...