Here's how to do this:
DNS hostname: www.company.com -> 2.2.2.2
NAT: 2.2.2.2 -> 192.168.1.2 (DMZ)
Clients: 192.168.2.0/24 (TRUST)
1) Setup your NAT as you usually do
2) Setup a rule from UNTRUST -> DMZ to access www.company.com from the outside
3) Setup a rule from TRUST -> UNTRUST, where the UNTRUST object is the MIP object
I haven't done this in a while but I think the above is all you need and it SHOULD work. I know it's possible as I've done it in the past. The main thing is that you need a rule from TRUST->UNTRUST where the destination is the actual MIP address. If you have a TRUST->UNTRUST with any->any permit, it will not work. I think that was the trick.
Give it a shot and let me know if it works. I don't have my SSG up to test this.