I have been looking into this and I can only really find answers on how to technically achieve this, rather than whether it is necessary (or best practice).
Assuming (for example):
Inside 220.127.116.11/16
DMZ 192.168.10.0/24
Is there a reason why an inside host should reference a DMZ host by a fixed 172 address NATed to the actual 192 address?
Or, why a DMZ host should reference an inside host by a fixed 192 address NATed to the actual 172 address?
Is there a reason why the 192.168.10.0/24 should not be routable from inside hosts and that the "NAT" should not actually mask the addresses?
Again, I am more interested in what the objective should be, rather than the NAT rule/exception commands. What are the reasons for/against? What is common practice?
Any help would be appreciated.