Trying configure ASA5505 (8.4) to allow https on two WAN ports at same time

Steve Dixon
Level 1

I have an ASA 5505 running 8.4.4.1.  I've configured three WAN interfaces and have assigned failover on one of them (we have two ISPs, and a total of 3 static IPs in 3 different subnets).  I've noticed that all the traffic is flowing through only one of the three interfaces, but I need to allow incoming https traffic on the second WAN port so I can access our Exchange server (we already use https on the first WAN port to access another server).

Let me know if posting the config would be best (not sure of the protocol for that yet).

Simple example:

-e0/0 = vlan1 = WAN1 (1.2.3.4/30)

-e0/1 = vlan2 = WAN2 (2.3.4.5/30)

-e0/2 = vlan3 = WAN3 (3.4.5.6/30)

-e0/3 = vlan4 = LAN1 (192.168.10.0/24)

-e0/4 = vlan4 = LAN1

-e0/5 = vlan5 = LAN2 (10.0.0.0/24)

-e0/6 = vlan5 = LAN2

-e0/7 = vlan5 = LAN2

Failover configured between WAN1 and WAN3 (WAN1 and WAN2 connect to the same cable modem).

Exchange server (OWA): 10.0.0.208

RDS Gateway server: 10.0.0.211

WAN1 is the default outgoing route and we've configured several incoming services on it (smtp and https for example) and appears to be working properly as mail is coming and going and users can access the RDS gateway.

I need to configure WAN2 to accept https traffic and send it to our Exchange server to enable OWA (webmail) access.

I've configured the same Access and NAT rules on all three WAN interfaces for smtp (but I suspect only the first one is currently functioning at this point, I'll test it next chance I get).

I thought all I'd have to do is configure an access and NAT entry on WAN2 (same as on WAN1), but direct the traffic to the OWA server instead of the rds gateway server, but it is not working.

In the realtime log I can see that it appears to be receiving the traffic on the WAN2 IP, but seems to be passing this through to the inside via the WAN1 interface.

3    Sep 15 2012    12:16:10    710003    <sourceIP>    60775    <WAN2IP>    443    TCP access denied by ACL from <sourceIP>/60775 to WAN1:<WAN2IP>/443
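As an added diagnostic example (not from the original post or from Cisco), here is a small parser for the 710003 message format quoted above that flags denies where the packet arrived on an interface other than the one that owns the destination address, which is exactly the WAN1:<WAN2IP> pattern in the log line. The interface addresses and log lines are constructed from the placeholder plan in the post.

```python
import re
from ipaddress import ip_address

# Constructed: interface addresses taken from the placeholder plan in the post.
INTERFACES = {
    "WAN1": ip_address("1.2.3.4"),
    "WAN2": ip_address("2.3.4.5"),
    "WAN3": ip_address("3.4.5.6"),
}

# 710003 body: "<proto> access denied by ACL from <src>/<sport> to <ifc>:<dst>/<dport>"
DENY_RE = re.compile(
    r"(?P<proto>\w+) access denied by ACL from (?P<src>[\d.]+)/(?P<sport>\d+)"
    r" to (?P<ifc>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def parse_deny(line):
    """Fields of a 710003 deny message, or None if the line is not one."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None

def owning_interface(dst, interfaces=INTERFACES):
    """Name of the interface configured with address dst, or None."""
    addr = ip_address(dst)
    for name, ip in interfaces.items():
        if ip == addr:
            return name
    return None

def check_ingress(line, interfaces=INTERFACES):
    """Parse one line and mark the deny as asymmetric when the packet arrived
    on an interface other than the one that owns its destination address."""
    fields = parse_deny(line)
    if fields is None:
        return None
    owner = owning_interface(fields["dst"], interfaces)
    fields["owner"] = owner
    fields["asymmetric"] = owner is not None and owner != fields["ifc"]
    return fields

def asymmetric_denies(lines, interfaces=INTERFACES):
    """Denies whose ingress interface is not the owner of the destination IP."""
    results = (check_ingress(line, interfaces) for line in lines)
    return [r for r in results if r and r["asymmetric"]]

# Constructed log lines modelled on the one quoted in the post (203.0.113.10 is a
# documentation address standing in for <sourceIP>).
SAMPLE_LOG = [
    "Sep 15 2012 12:16:10 710003 TCP access denied by ACL from 203.0.113.10/60775 to WAN1:2.3.4.5/443",
    "Sep 15 2012 12:16:12 710003 TCP access denied by ACL from 203.0.113.10/60776 to WAN1:1.2.3.4/25",
    "Sep 15 2012 12:16:13 302013 Built inbound TCP connection 12 for WAN1:203.0.113.10/60777",
]
```

Run over a full syslog export, the records returned by asymmetric_denies are the ones to compare against the NAT and default-route configuration before touching the ACLs.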

5 Replies

Jennifer Halim
Cisco Employee

The reason why it's working for WAN1 is because you can only have 1 active default route on an ASA firewall. That is why WAN2 is not working.

If you move the default route to WAN2 it will also work, and WAN1 will stop working.

Unfortunately ASA only allows 1 active default route via 1 interface, not multiple interfaces.

I suspected as much, but that puts me in a tough spot as I've got two services that work on port 443 and neither can be changed to use another port.  The OWA access is used by smart phones (no option to set/change the port) and the RDS Gateway does not support alternate ports (design restriction).

I was previously informed that because the WAN1 and WAN2 IPs were not in the same subnet I had to use two different interfaces.

Is there a way to achieve the desired result of being able to receive on multiple IPs/interfaces concurrently?

Can the RDS Gateway clients use a port other than tcp/443? If so, then put a PAT in place for the public IP of RDS and use that port.

Alternatively, you could get your ISP to parcel out more than the /30 you currently have (with only 2 usable IP addresses - your end and theirs). Most folks with ASAs have at least a /27 or so to allow at least a handful of public IPs to be set up, whether for NAT or PAT use.

The IPs we were assigned are next to each other:

a.b.c.68/30 (.69 as theirs and .70 as ours)

a.b.c.72/30 (.73 as theirs and .74 as ours)

I may be able to get the ISP to combine them into a /29 group of consecutive usable IPs, but that will take some time to coordinate.

FYI, the ASA is replacing an old SonicWall TZ170 and it was able to use the two public IPs we were assigned (using a static ARP entry and NAT rule using the WAN2 IP I think).  I'm a bit dismayed the ASA cannot do this too (or maybe it can and I just cannot figure out how).  The TZ is being replaced due to EOL issues (cannot renew the support contract for it), and we got the ASA via techsoup (for registered charities).

Unfortunately Microsoft did not design the RDS gateway service to work with ports other than https (I already confirmed this with Microsoft support).  My understanding is it is a hard coded limitation (the RD Client gateway field does not support port specifications, just an FQDN DNS name).  Hopefully they add a port field by Server 2016/Windows 9.

Until I can get the IPs merged I think I'll install the old TZ170 to take over the OWA incoming traffic.

Okay, logged a TAC and got it working:

In this instance the only thing that needed to be changed was the NAT rule.

My original rules were interface rules, which only worked on the default route (WAN1).  Setting the "outside" value to the WAN2 interface failed.

The NAT rule for the second https service was modified to use the IP of WAN2 (changed from WAN2 interface to WAN2 IP), now it is working.

I didn't check the logs but I suspect the traffic still flows out the WAN1 interface to the modem (shared by WAN1 and WAN2 interfaces), but since the modem is expecting traffic on that IP it does not reject it.  I could be wrong though.

Technically, I don't think I even need the WAN2 interface configured anymore as the NAT rule would rewrite the packets out the active port.  Without a second failover IP from the second ISP we can still only provide failover redundancy for one of the https services though.

Will post the two https NAT rules for the community next chance I get (in case anyone else has to do something similar).
