I'm thinking now that the direction of the flow between the two DMZs is the issue, as the current configuration assumes inbound from untrust.
Perhaps this could be overcome by adding dst NAT to the policy between the two DMZ zones, picking up the public address on the policy and translating it there to the internal address instead of letting it hit the VIP/DIP process.