This is by design. If you want the first Exchange server to proxy the OWA requests, it must be setup as a Front-End server. Otherwise, it will redirect users to the correct server which as you realized, would require you to setup another external name, external IP and a NAT.