I just got to work with a ASA in production having 8.x OS and I saw some strange thing . DMZ is assigned 70 security level while outside is 0 , while doing packet-tracer from DMZ to Outside ip it gives me a drop by ACL message ( tcp / icmp ) while it should pass it as the data is from higher security level to lower . Once I configure an ACL it starts working properly although I feel there is no need for ACL . There are also STATIC Identity NAT statements for IP addresses/servers I am willing to communicate .
I have just noticed that there is no service-policy global_policy global in the config . There is a default policy-map configured but not applied , zones work using interface security level and insection policy and since there is no inspection policy applied this can be the reason why traffic is not moving from higher security level to lower .
You are right on how the Security level work, however, inspections are not required (it is recommended) but not required. Can you turn on logging on debugging and see when you try to make a connection?