If I understand correctly, you have some VPN device hanging off the DMZ interface of the PIX (a third interface). Your tunnels terminate through the PIX outside interface to this device and then have access to resources on the DMZ. If that scenario is correct, the DMZ is isolated and should not have access by default to the inside network, so you shouldn't have to add any more commands to the PIX to protect your inside network.
Hope this helps!