SSH from A through B to C, using IdentityFile on A

I've seen some similar questions but without a clear way forward; if this was already answered before, please close this one.

My scenario is:

  • Host C is not accessible from A.
  • Host B is accessible from A.
  • Host C is accessible from B.
  • A contains a pem file to access C.
  • Only B has ~/.ssh/id_rsa.pub (from A) in authorized_keys

I've come up with the following in .ssh/config

Host bastion-host
  HostName servername
  Port servercustomport

Host A.*
  User custom_user
  IdentityFile path/key.pem
  ForwardAgent yes
  ProxyCommand ssh bastion-host 'ssh-add -t 1 && nc %h %p'

Host A.j
  HostName ip

Then, using ssh -vvv A.j, I got:

debug1: Reading configuration data ~/.ssh/config
debug1: ~/.ssh/config line 16: Applying options for A.*
debug1: ~/.ssh/config line 22: Applying options for A.j
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname ip is address
debug1: Executing proxy command: exec ssh bastion-host 'ssh-add -t 1 && nc ip 22'
debug1: identity file path/key.pem type -1
debug1: identity file path/key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: Connection closed by remote host
kex_exchange_identification: Connection closed by remote host

What am I doing wrong? Is it possible to connect this way?
Final note: this is probably not the best security flow, storing the key on the bastion even for 1 s, but the bastion is on a private network without public access.


Try this:

Host A.*
  User custom_user
  IdentityFile path/key.pem
  ProxyJump bastion-host

You do not need to forward the agent if you use proxy commands. A proxy command means the main ssh tunnel carries a port forward to the destination host and the connection is established between your host and the destination host, whereas agent forwarding is for when ssh connections are chained one to another.
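As an added example (not part of the question or the answer above), the shell script below writes the question's original config and the answer's ProxyJump config side by side into temporary files, then audits each one for the two settings that put key material or the agent socket on the intermediate host: `ForwardAgent yes`, and a `ProxyCommand` that runs `ssh-add` on the jump host. Host names, the port, the key path and the file locations are constructed placeholders; the `show_resolved` step only runs if an `ssh` binary is installed and is there to let you confirm what OpenSSH actually resolves for the destination alias.

```shell
#!/bin/sh
# Added example: audit an OpenSSH client config for agent/key exposure on the
# jump host, and contrast it with the ProxyJump form.
# All host names, ports, paths and file locations are constructed placeholders.

# "Before": the layout from the question (ForwardAgent + ssh-add on the bastion).
write_before_config() {
  cat > "$1" <<'EOF'
Host bastion-host
  HostName servername
  Port servercustomport

Host A.*
  User custom_user
  IdentityFile path/key.pem
  ForwardAgent yes
  ProxyCommand ssh bastion-host 'ssh-add -t 1 && nc %h %p'

Host A.j
  HostName ip
EOF
}

# "After": the layout from the answer. The key stays on A; the bastion only
# relays a TCP stream, so nothing is added to any agent on B.
write_after_config() {
  cat > "$1" <<'EOF'
Host bastion-host
  HostName servername
  Port servercustomport

Host A.*
  User custom_user
  IdentityFile path/key.pem
  ProxyJump bastion-host

Host A.j
  HostName ip
EOF
}

# Print one "finding:" line per risky directive, tagged with the Host block it
# belongs to. Uses POSIX awk only (no gawk extensions).
audit_ssh_config() {
  awk '
    { l = $0; sub(/^[ \t]+/, "", l); split(l, f, /[ \t=]+/); k = tolower(f[1]) }
    k == "host" { block = f[2]; next }
    k == "forwardagent" && tolower(f[2]) == "yes" {
      print "finding: Host " block ": ForwardAgent yes (agent socket reachable on the intermediate host)"
    }
    k == "proxycommand" && tolower(l) ~ /ssh-add/ {
      print "finding: Host " block ": ProxyCommand runs ssh-add on the jump host (key loaded into an agent on B)"
    }
  ' "$1"
}

# Number of findings as a plain integer (always exits 0, so it is safe under set -e).
count_findings() {
  audit_ssh_config "$1" | awk '/^finding:/ { n++ } END { print n + 0 }'
}

# Optional: ask the local ssh client what it resolves for the alias, without
# connecting. Skips cleanly when ssh is not installed.
show_resolved() {
  command -v ssh >/dev/null 2>&1 || { echo "ssh not installed; skipping -G check"; return 0; }
  ssh -G -F "$1" A.j 2>/dev/null | grep -iE '^(proxyjump|proxycommand|forwardagent|identityfile) '
}

# Stand-alone demo.
tmpd=$(mktemp -d)
write_before_config "$tmpd/before.conf"
write_after_config "$tmpd/after.conf"
echo "== before.conf: $(count_findings "$tmpd/before.conf") finding(s)"
audit_ssh_config "$tmpd/before.conf"
echo "== after.conf: $(count_findings "$tmpd/after.conf") finding(s)"
audit_ssh_config "$tmpd/after.conf"
echo "== resolved options for A.j with after.conf"
show_resolved "$tmpd/after.conf"
rm -rf "$tmpd"
```

The audit is deliberately narrow: it flags only the two directives the question combines. With ProxyJump, the bastion sees an encrypted stream from A to C and never handles the pem key, which is why the "1 s on the bastion" compromise in the question becomes unnecessary.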