Hi Dom,
The statement you're referencing is explaining that NAT exemption through the NAT 0 command is only applied to the ingress interface, and it will take effect for all egress interfaces. For example, say you have the following config:
access-list nat0-acl permit ip host 10.1.1.1 host 192.168.1.1
nat (inside) 0 access-list nat0-acl
The above config will perform NAT exemption for all IP traffic from 10.1.1.1 to 192.168.1.1. This is regardless of whether 192.168.1.1 lives off the outside interface or the DMZ interface. We only care about the interface the packet arrives on and the egress interface is never specified.
This is different from your normal dynamic NAT statements, which pair an ingress and egress interface. For example:
nat (inside) 1 10.2.2.0 255.255.255.0
global (outside) 1 192.168.2.2
global (dmz) 1 192.168.3.3
With the above config, the 10.2.2.0/24 network will be dynamically PAT'ed to 192.168.2.2 when it talks to hosts on the outside interface. However, it will be dynamically PAT'ed to 192.168.3.3 when it talks to hosts on the dmz interface.
Your config works because the ASA processes NAT 0 exemptions first, followed by the rest of the dynamic nat/global pairs in order. So, if a packet doesn't match any of your NAT exemption rules, it will fall through to your dynamic PAT (overload) statement that translates it to the outside interface IP.
-Mike