Thanks for posting your question on the forum!
I think I see what may be the issue with LAN#2 reaching the server on LAN#1. The nat rule should be a destination NAT and not a source NAT since we need to send the traffic to the server on your Private LAN. However, we need to match traffic destined for the public IP that is used for the license server. Since I don't know what "web-acl-17" looks like, I'll go ahead and post what the syntax should look like for it as well.
ip access-list extended web-acl-17
permit ip any host 220.127.116.11
ip policy-class "Private outside DOM"
nat destination list web-acl-17 address 18.104.22.168
I would also note that web-acl-17 will NAT all traffic destined for 22.214.171.124. You can modify this ACL so that it only NATs certain ports as opposed to all IP traffic.
Workarounds for hairpin applications can also be found here: Re: Hairpin Prevention
Please do not hesitate to let us know if you have any questions or issues.
Thanks Noor! I had to abandon this configuration project in February. My solution was to move the license server PC to another location. Now everybody accesses it from the public internet zone. I'll save 'hairpin' configurations for another day.