The reason why you can't access zz.zz.zz.72 was due to the address mapping " static (dmz, inside) xxxx.... ". The DMZ to Outside mapping is ok.
You can't access the DMZ server from inside using that zz.zz.zz.72 address, as the address was meant for external/internet users accessing your internal/DMZ server.
In Firewall, any internal server that need to be accessed by external user need to be mapped with Public IP. To access servers in DMZ, you need to map inside subnet with DMZ.
In your case, what you need is to re-configure the PIX to allow inside host accessing DMZ server, to use either:
a. Option 1
global (dmz) 1 10.30.4.98-10.30.4.100 ---> dynamic range, or
global (dmz) 1 10.30.4.9x ---> single IP @ PAT
nat (inside) 1 10.30.4.80 255.255.255.240
access-list inside permit tcp any eq xxx -> you can also use 'IP' to replace tcp or udp
access-list inside permit udp any eq yyy
access-list inside deny ip any any
access-group inside in interface inside
b. Option 2
static (inside,dmz) 10.30.4.80 10.30.4.80 netmask 255.255.255.240
access-list inside permit tcp any eq xxx -> you can also use 'IP' to replace tcp or udp
access-list inside permit udp any eq yyy
access-list inside deny ip any any
access-group inside in interface inside
The advantage of Option 2 is it allows your internal/inside hosts to access DMZ server using DMZ server's original/physical IP. Same goes to DMZ hosts when they need to access inside hosts.
On DMZ, you can apply ACL allowing incoming/outgoing traffic as well.
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1112434
Hope this helps.
Rgds,
AK