Do notice that when a user loads a web page it doesnt form only one TCP connection. Not all of the content are loaded from a single server so multiple TCP connections will be formed to load the complete page.
With regards to the Dynamic PAT,
It was my understanding originally that the ASA would use up the ports on the first PAT IP address configured and then the second PAT IP address. Judging by the output you have shared it would seem that the ASA does Round Robin with the 2 PAT IP addresses.
In the new ASA software levels configuring Dynamic PAT is a lot clearer as you are actually given clear options to choose how the Dynamic PAT or PAT pool behaves.
Here is a quote from a older Cisco ASA document about Dynamic NAT and PAT which to my eye seems that the first PAT IP address should be used first.
You can enter multiple global commands for one interface using the same NAT ID; the security appliance uses the dynamic NAT global commands first, in the order they are in the configuration, and then uses the PAT global commands in order. You might want to enter both a dynamic NAT global command and a PAT global command if you need to use dynamic NAT for a particular application, but want to have a backup PAT statement in case all the dynamic NAT addresses are depleted. Similarly, you might enter two PAT statements if you need more than the approximately 64,000 PAT sessions that a single PAT mapped statement supports
I marked the section in RED which seems to me to indicate that the Dynamic PAT address should be used in order.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...