
Static PAT help

burleyman
Level 8

I want people on the outside going to https://1.1.1.68 to be allowed and be redirected to inside address 192.168.168.242.

Outside interface IP address is 1.1.1.65 255.255.255.240


Here is what I was going to configure. Will this accomplish what I want?

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https


access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group DM_INLINE_TCP_242_443

 

 

Thanks,

Mike

 

4 Replies

AJ Cruz
Level 3

That should do it. You don't really need the port translation if you just want to do a one-to-one mapping, so it would look like this:

 

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68

Thanks for the input and info. I noticed I had a few things wrong in my first post.

Here are the corrections; please let me know if this is still good.

The users will go to https://1.1.1.68:443

and outside interface IP address is 1.1.1.65 255.255.255.240

The reason is I will need to set up other ports to the same box, so I would need the PAT.

Here is the corrected config....I think :-)

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https


access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group TCP_OWA_242_443

 

 

When I first looked at it I thought DM_INLINE_TCP_242_443 was a protocol group you had defined somewhere else but not included in the snippet.

From your revision it looks like you're calling the network group where the port # or service group should be. I think what you're looking for is something like this:

 

object network 1.1.1.68_OWA
 host 1.1.1.68

object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https

access-list outside_inbound extended permit tcp any object TCP_OWA_242_443 eq https

 

Yeah the DM_INLINE was a mistake.

 

Thanks for the correction, and for your help. I will be trying this and will post results.

 

Mike
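
Added example, not part of the thread and not Cisco tooling: a small Python check run over the three ACL variants posted above. It flags the two mistakes the thread corrects (an undefined service object-group, and a network object used where a service belongs) and also an ACL aimed at the mapped address, since ASA 8.3+ matches ACLs against the real address. `lint_asa` and the finding names are hypothetical, and the last sample line is constructed.

```python
import re
ACL_RE = re.compile(r"access-list \S+ extended permit tcp (?:any4?|host \S+|object \S+) "
                    r"(any4?|host \S+|object \S+)(?: (eq \S+|object-group \S+))?$")

def lint_asa(config):
    """Hypothetical helper: list problems in 'permit tcp' ACL lines of an ASA snippet."""
    hosts, mapped, svc_groups, cur = {}, [], set(), None
    lines = [l.strip() for l in config.splitlines()]
    for s in lines:
        if m := re.match(r"object network (\S+)", s):
            cur = m.group(1)
        elif m := re.match(r"object-group service (\S+)", s):
            svc_groups.add(m.group(1))
        elif cur and (m := re.match(r"host (\S+)", s)):
            hosts[cur] = m.group(1)
        elif cur and (m := re.match(r"nat \(\S+\) static (\S+)", s)):
            mapped.append(m.group(1))
    mapped_ips = {hosts.get(name, name) for name in mapped}  # object name or literal IP
    findings = []
    for m in filter(None, map(ACL_RE.match, lines)):
        dst, svc = m.groups()
        kind, _, val = dst.partition(" ")
        dst_ip = val if kind == "host" else hosts.get(val)
        if dst_ip in mapped_ips:  # ASA 8.3+ ACLs match the real (inside) address
            findings.append("dst-is-mapped-address")
        if svc is None:  # no 'eq'/'object-group' after the destination: every TCP port
            findings.append("no-port-restriction")
        elif svc.startswith("object-group "):
            name = svc.split()[1]
            if name in hosts:
                findings.append("network-object-in-service-position")
            elif name not in svc_groups:
                findings.append("undefined-service-group")
    return findings

NAT = """object network 1.1.1.68_OWA
 host 1.1.1.68
object network TCP_OWA_242_443
 host 192.168.168.242
 nat (inside,outside) static 1.1.1.68_OWA service tcp https https
"""
P = "access-list outside_inbound extended permit tcp "
SAMPLES = {
    "first post": P + "any4 host 192.168.168.242 object-group DM_INLINE_TCP_242_443",
    "revision": P + "any4 host 192.168.168.242 object-group TCP_OWA_242_443",
    "corrected": P + "any object TCP_OWA_242_443 eq https",
    "constructed": P + "any host 1.1.1.68 eq https",  # not from the thread
}
print({label: lint_asa(NAT + acl) for label, acl in SAMPLES.items()})
```

Only the corrected ACL from the final reply comes back with no findings.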
