While working through internal vs. external website DNS resolution, my team has decided they'd like internal machines to access DMZ resources by their external IP rather than the local DMZ address. I'm not quite positive this is the way to do things, but I figured I'd just check around to at least answer a question for myself.
We have a Pix 515 (that's going to be replaced soon by an ASA5510). We have our inside interface, a DMZ interface, and then the external interface. Inside clients are all PAT'd to a single external address. Internal IPs are in the range of 10.x.x.x using a 255.255.255.0 subnet. DMZ is on a 172.x.x.x with a 255.255.255.248 subnet. DMZ clients have a static mapping to an external IP like 208.x.x.x.
So here's the question. When an internal client attempts to connect to one of the DMZ computers using its external address (208.x.x.x), there's no resolution; it just times out. I'm not quite positive why. I just don't think the Pix will support what they want to do, but I can't articulate why. I'm thinking that the internal client's traffic gets PAT'd and is then on a 208.x.x.x address, which then tries to connect to the DMZ computer's 208.x.x.x address, and there's a problem there somewhere.
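To make the topology concrete, here is an added PIX 6.x-style configuration sketch (constructed for this discussion, not the poster's actual config; 203.0.113.x stands in for the 208.x.x.x public range, and the other addresses are placeholders) showing the PAT and static entries described above, plus the extra static between the dmz and inside interfaces that lets an inside host reach the DMZ server by its public address without the flow having to head out the outside interface.

```cisco
! Constructed example in PIX 6.x syntax. All addresses are placeholders.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 172.16.0.1 255.255.255.248

! Inside clients are PAT'd to a single public address when they go outside.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 203.0.113.3

! DMZ server 172.16.0.2 is published to the Internet as 203.0.113.10.
! This static only translates between the dmz and outside interfaces.
static (dmz,outside) 203.0.113.10 172.16.0.2 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq 80
access-group outside_in in interface outside

! Inside -> dmz traffic also needs a translation slot; an identity static
! keeps the 10.0.0.0/24 addresses unchanged towards the dmz.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

! Without the line below, an inside packet to 203.0.113.10 is sent towards
! the outside interface (that is the outside subnet) and is never turned
! back into the dmz, so the connection times out. A second static, between
! dmz and inside, presents the server to inside hosts under the same public
! address so the PIX translates it locally on the inside -> dmz path.
static (dmz,inside) 203.0.113.10 172.16.0.2 netmask 255.255.255.255
```

After adding the dmz/inside static, `show xlate` on the PIX should show the 203.0.113.10 to 172.16.0.2 entry for inside-originated connections, which is the quickest way to confirm the translation is actually being hit.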