Without seeing the actual configuration, I’d expect the routing to be the issue. You need the response from the server in the LAN subnet to be routed out the same WAN through which the corresponding request came in, and this does not happen automatically; you need to use policy routing to ensure that. Look here; start reading from the last paragraph of that post, which explains the relevance to your case.