I'm not after the command to do this.
My question is, I would obviously NAT addresses going through the external interface. However, what are the reasons for/against NATing addresses between the DMZ and Internal network?
If you had:
DMZ 192.168.1.0/24
INTERNAL 192.168.100.0/24
Would you NAT an address on the DMZ to the INTERNAL for clients to access it? If you didn't, how would traffic route - would you rely on the PIX/ASA being the default gateway, or advertise the DMZ subnet via OSPF/EIGRP?
Would the same be true if the access was from DMZ to INTERNAL (rather than INTERNAL to DMZ)?
I'm talking about what is best practice (security and manageability), rather than just "making it work".
Any help would be appreciated - I've seen this done in a number of ways.