Have the firewall rules modified so that the Nessus server on the internal network is able to scan the hosts in the DMZ.
Leave the Nessus server in the internal network but add a second network card so that it can be connected to a switch in the DMZ. This will allow the Nessus server to have access to the internal and DMZ networks.
Run Nessus from a location on the Internet which is separate from the company’s network so that no firewalls, IPS, or other security products interfere with the scan.
Run Nessus from a server that resides in the DMZ so that no firewalls, IPS, or other security products interfere with the scan.