What happens/is translated when a packet comes from the Internet destined for 4.2.2.2 with ..........
A) The packet will be redirected to 10.1.2.3 on port 443
B) The packet will be dropped by the ASA as there is no port-forwarding for port 1025 (just for 443)
and, in the reverse direction from 10.1.2.3 back towards the internet
A) A packet from a higher security level to a higher is going to be allowed by default if you have the right translation
B) The ASA will already have an entry in all of its tables for this connection (xlate, local-host and conn table), so the traffic will be allowed without any inspection.
static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255 only affects packets with dst tcp port 443
Port-forwarding is only for inbound connections. The outgoing packets for the same connection will hit this nat, but if you start a brand new connection (outbound) you will need a different nat
Regards,
Julio
Rate all the helpful posts
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC