10-19-2016 11:52 PM - edited 03-12-2019 06:10 PM
I have an ASA 5525 running 8.6.1.
My requirement is for server 1 to send web service requests to server 3 and server 4
some relevant config snippets:
object network server_3
host 10.1.5.6
nat (inside,dmz) static 192.168.100.6
object network server_4
host 10.79.100.6
nat (test1,dmz) static 192.168.100.66
access-list dmz_in extended permit icmp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 80
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 443
access-group dmz_in in int dmz
route dmz 10.1.7.0 255.255.255.0 192.168.100.1 1
My service-policy inspects ICMP.
Server 1 cannot ping, or reach port 80 and port 443 on, server 3 (security level 0 to security level 100).
Server 1 cannot ping, or reach port 80 or port 443 on, server 4 (security level 0 to security level 50).
Server 2 can ping, and reach port 80 and port 443 on, server 3 (security level 0 to security level 100).
What could possibly cause this behavior?
packet-tracer allows server 1 to get to server 4 via icmp, ports 80 and 443.
On running telnet 192.168.100.6 443 from server 1 I see the hit count increment on the acl
On running telnet 192.168.100.66 443 from server 1 I see the hit count increment on the acl
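An added check, written for this thread and not taken from it or from Cisco: a small Python model of how the ASA handles the three flows described above. It parses the posted object NAT and ACL lines, un-translates the destination using the static NAT seen from the dmz side (which also yields the egress interface), and then evaluates the dmz_in ACL twice: against the mapped address, which is how access rules were matched before 8.3, and against the real address, which is how 8.3 and later (including 8.6.1) match them. Server 1's address is assumed to be 10.1.7.10 inside 10.1.7.0/24; REAL_ADDRESS_CONFIG is an added variant of the ACL written to the servers' real addresses, not configuration from the thread. It is one check to run alongside the packet-tracer and hit-count evidence already posted.

```python
import ipaddress
import re

# Object NAT lines exactly as posted in the thread.
OBJECT_SECTION = """
object network server_3
host 10.1.5.6
nat (inside,dmz) static 192.168.100.6
object network server_4
host 10.79.100.6
nat (test1,dmz) static 192.168.100.66
"""

# The dmz_in ACL as posted: destinations are the mapped 192.168.100.0/24 addresses.
POSTED_CONFIG = OBJECT_SECTION + """
access-list dmz_in extended permit icmp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 80
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 443
access-group dmz_in in int dmz
"""

# Added variant (not from the thread): the same intent written to the real addresses,
# which is what an 8.3+ access rule is matched against.
REAL_ADDRESS_CONFIG = OBJECT_SECTION + """
access-list dmz_in extended permit icmp 10.1.7.0 255.255.255.0 host 10.1.5.6
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 host 10.1.5.6 eq 443
access-list dmz_in extended permit icmp 10.1.7.0 255.255.255.0 host 10.79.100.6
access-list dmz_in extended permit tcp 10.1.7.0 255.255.255.0 host 10.79.100.6 eq 443
access-group dmz_in in int dmz
"""


def _net(tok, i):
    """Parse 'host A' or 'A MASK' starting at tok[i]; return (network, next index)."""
    if tok[i] == 'host':
        return ipaddress.ip_network(tok[i + 1]), i + 2
    return ipaddress.ip_network(f'{tok[i]}/{tok[i + 1]}', strict=False), i + 2


def parse_config(text):
    """Return (nat_rules, acls, bindings) from an ASA-style snippet.
    nat_rules: static object NAT entries with real/mapped addresses and interfaces
    acls:      {acl_name: [ACE dicts in configured order]}
    bindings:  {interface: acl_name} for inbound access-groups"""
    objects, nat_rules, acls, bindings = {}, [], {}, {}
    current = None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ['object', 'network']:
            current = objects.setdefault(tok[2], {'name': tok[2]})
        elif tok[0] == 'host' and current is not None:
            current['real'] = ipaddress.ip_address(tok[1])
        elif tok[0] == 'nat' and current is not None:   # nat (real_if,mapped_if) static MAPPED
            current['real_if'], current['mapped_if'] = re.fullmatch(r'\((\w+),(\w+)\)', tok[1]).groups()
            current['mapped'] = ipaddress.ip_address(tok[3])
            nat_rules.append(current)
        elif tok[0] == 'access-list' and tok[2] == 'extended':
            src, i = _net(tok, 5)
            dst, i = _net(tok, i)
            port = int(tok[i + 1]) if len(tok) > i + 1 and tok[i] == 'eq' else None
            acls.setdefault(tok[1], []).append(
                {'action': tok[3], 'proto': tok[4], 'src': src, 'dst': dst, 'port': port})
        elif tok[0] == 'access-group' and tok[2] == 'in':   # access-group NAME in interface IF
            bindings[tok[4]] = tok[1]
    return nat_rules, acls, bindings


def evaluate_flow(cfg, ingress, src, dst, proto, port=None):
    """Model one inbound packet: destination un-NAT first, then the inbound ACL on the
    ingress interface. Returns the verdict under both matching semantics."""
    nat_rules, acls, bindings = cfg
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    real_dst, egress = dst, None
    for rule in nat_rules:   # static object NAT, seen from its mapped side
        if rule['mapped_if'] == ingress and rule['mapped'] == dst:
            real_dst, egress = rule['real'], rule['real_if']
            break
    aces = acls.get(bindings.get(ingress, ''), [])

    def permitted(dest):
        for ace in aces:   # first matching ACE wins; implicit deny at the end
            if (ace['proto'] == proto and src in ace['src'] and dest in ace['dst']
                    and ace['port'] in (None, port)):
                return ace['action'] == 'permit'
        return False

    return {'real_dst': str(real_dst), 'egress': egress,
            'acl_on_mapped': permitted(dst),       # pre-8.3 matching
            'acl_on_real': permitted(real_dst)}    # 8.3 and later (e.g. 8.6.1)


if __name__ == '__main__':
    server_1 = '10.1.7.10'   # assumed address for server 1 inside 10.1.7.0/24
    for label, cfg in (('posted', parse_config(POSTED_CONFIG)),
                       ('real-address', parse_config(REAL_ADDRESS_CONFIG))):
        for dst, proto, port in (('192.168.100.6', 'tcp', 443), ('192.168.100.6', 'icmp', None),
                                 ('192.168.100.66', 'tcp', 443)):
            print(label, dst, proto, port, evaluate_flow(cfg, 'dmz', server_1, dst, proto, port))
```

The point the model makes visible is that the un-NAT step runs before the interface ACL is consulted, so on an 8.3+ image the ACE must name the real destination; the same ACE matches under the old semantics and misses under the new ones.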
10-20-2016 02:01 AM
10-20-2016 09:38 AM
myasa1# sh run | i same
same-security-traffic permit inter-interface
Yes. The requests are meant to enter on a security level 0 interface to reach a server on a security level 50 interface.
My understanding is that there are no rules regarding security levels except that traffic from a lower level interface to a higher needs to be explicitly allowed via ACL.
I'm NAT'ing IPs from 2 different subnets to the same subnet that my ingress port is on. Is there an issue with this?
Thanks for the response,
John