I have a question about NATing that I do not fully understand.
Normally when I think of NATing an IP Address, I think in terms of the outside interface and public address subnet. If I have a server on the inside network and an available public address in my subnet, I can NAT that server to the available address. The users accessing the NATed address are routed to the outside interface and then hit the NATed address which is translated to an inside or DMZ address.
So it is as if a device not on the outside interface of the firewall is routed to hit the interface, which has a NATed address from the public subnet on it.
Suppose I have an inside interface, and a DMZ interface with a server on it.
Now, if I have a host that I want to allow access to the DMZ server, and I NAT the inside host to the DMZ:
static (inside,DMZ) 10.10.10.10 10.10.10.10 netmask 255.255.255.255
If the DMZ server initiates traffic to the inside host, it is as if both of those devices are on the same interface.
So the DMZ server 192.168.10.10 hits the NATed address 10.10.10.10, which it sees on the same interface.
Does it work like a secondary interface on a router, that anything on the 192.168.10.0 network gets automatically routed to the 10.10.10.10 host?
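Added example, not part of the post and not Cisco code: a small Python model of the two decisions the post is asking about, the DMZ server's own next-hop choice and the ASA's un-translate-then-route step for the static above. The inside range 10.10.10.0/24, the ASA's .1 gateway addresses and the unit-test style are assumptions; only 192.168.10.0 and the static come from the post.

```python
"""Model of 'static (inside,DMZ) 10.10.10.10 10.10.10.10' from the post.

Shows that the static creates a translation entry, not an on-link address:
the DMZ server still has to send the packet to its gateway, and the ASA
un-translates the mapped address and then routes the real one.
"""
import ipaddress

# Assumed topology (constructed for this example; the post only gives 192.168.10.0).
INTERFACES = {
    "inside": ipaddress.ip_network("10.10.10.0/24"),
    "DMZ": ipaddress.ip_network("192.168.10.0/24"),
}

# ASA syntax: static (real_if,mapped_if) mapped_ip real_ip netmask ...
# The post's identity static: real and mapped address are both 10.10.10.10.
STATICS = [("inside", "DMZ", "10.10.10.10", "10.10.10.10")]


def host_next_hop(host_net, gateway, dst_ip):
    """What the DMZ server itself does with a packet for dst_ip:
    ARP directly if dst_ip is in its own subnet, else hand it to the gateway."""
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(host_net, strict=False):
        return "on-link"
    return gateway


def asa_forward(ingress_if, dst_ip):
    """ASA handling of a packet arriving on ingress_if for dst_ip.
    1. If a static's mapped side faces the ingress interface and its mapped
       address matches, replace dst with the real address.
    2. Route the real address by the connected subnets.
    Returns (egress_interface, real_dst); egress None means no route."""
    real_dst = dst_ip
    for real_if, mapped_if, mapped_ip, real_ip in STATICS:
        if mapped_if == ingress_if and mapped_ip == dst_ip:
            real_dst = real_ip
            break
    for name, net in INTERFACES.items():
        if ipaddress.ip_address(real_dst) in net:
            return name, real_dst
    return None, real_dst


if __name__ == "__main__":
    # DMZ server 192.168.10.10 (from the post) talking to the NATed host.
    hop = host_next_hop("192.168.10.0/24", "192.168.10.1", "10.10.10.10")
    print("DMZ server sends to:", hop)            # gateway, not on-link
    print("ASA forwards to:", asa_forward("DMZ", "10.10.10.10"))  # ('inside', ...)
```

The DMZ host never treats 10.10.10.10 as a neighbour on its own segment; the static only lets the ASA accept and un-translate the flow once the packet reaches the DMZ interface.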