We had one strange issue, which was resolved by configuring "no threat-detection statistics tcp-intercept" in place of "threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200".
We were not able to access our mail server internally (zone created in local DNS, 10.10.2.10) when external NAT and an access-list were configured on the same IP (https://mail.company.net). When we remove the external static NAT and access-list, we can access the mail server internally.
name 10.10.2.23 CASServer2
access-list outside_access_in extended permit tcp any host 94.*.*.170 eq https
I'm not sure if I understand your question. My own experience is that if I want both internal and external NAT access to a particular server, I have to give it two different IP addresses. I haven't run packet-tracer to see what the underlying issue is yet.