My first observation is that you have two gateways configured on ask - you should only have
one (on its public-side interface) - that being the route you want all external traffic to
take out of the system.
That is unlikely to solve the problem, I suspect, as I would think the issue you describe is
being caused by the NAT rules on gate.
I would think gate is performing NAT translation on traffic from your internal (192.168-net)
network out to the internet but not to the 99-net interface (this may be easily configurable
in your firewall interface, but I haven't used shorewall in approaching 10 years).
You will need to either remove the internal (192.168-net) interface from ask or configure
gate to NAT the requests coming from 192.168-net to 99-net in order for the communication to
work between lian and ask's public 99-net address.
Hope this helps,