Port forwarding through second router with Tomato firmware to NAS

Port forwarding through second router with Tomato firmware to NAS

Link to network schematic, because I can't post images:
http://i.imgur.com/0zxYVdr.jpg
Situation
My Fritz is connected to my ISP and it runs a local wired and wireless
network. I have my Apple TV on this LAN. And wirelessly connect my iOS
devices and my Macs. The problems I have are mainly with my NAS and my
routers (I suspect the ASUS Tomato router).
The LAN1 on the Fritz is connected to the WAN on the ASUS.
The ASUS router runs the recent
Tomato-K26USB-1.28.7500.2MIPSR2Toastman-RT-VPN-NOCAT firmware. The Fritz
runs stock firmware.
The whole purpose of my setup is to run one extra network that goes
through a VPN service. This way I can browse anonymously, circumvent geo
restrictions and all the rest. I can switch networks with my wireless
devices in order to change from my ISP IP to my VPN IP.
The Fritz hands out IP addresses in the 192.168.178.x range, the ASUS in
the 172.16.1.x range.
Connection between networks
When connected to the ASUS I can access the web GUI of the Fritz by going
to 192.168.178.1, I can also connect to or ssh into the Apple TV on the
other network by connecting to 192.168.178.3.
Similarly, when connected to my main Fritz network, I can connect to my
NAS by going to 172.16.1.2. The Apple TV can stream from the XBMC library
that is on the NAS fine as well. I can't however connect to the web GUI of
the ASUS on 172.16.1.1. This just hangs for a while and then stops. I
suspect this has something to do with remote access settings or the
firmware but I haven't been able to solve this.
Port forwarding and reaching my NAS
I also have problems port forwarding to my NAS from my Fritz. I want to
reach my NAS from the outside using my ISP IP address.
The ASUS Tomato router is on 'Router' mode.
There's a static ip routing table entry in my Fritz for the 172.16.1.0
network with a 192.168.178.2 gateway and 255.255.255.0 subnet mask. This
enables devices on both networks to reach each other.
I port forward TCP 5001 and 8080 from the Fritz to the ASUS router, and
then again from that router to the NAS on 172.16.1.2.
(I have also tried forwarding 5001 and 8080 from the Fritz directly to the
IP of the NAS on the other network)
Trying to reach my NAS from the outside using this setup now just hangs
for a while and then stops, much like connecting to the ASUS web GUI from
my main network.
There are no logs in either the Fritz or the Tomato after trying to
connect this way for as far as I can see.
DNS on the ASUS Tomato is now on 4.2.2.1 or 8.8.8.8.
I also forward UDP 1194 in my Fritz to the ASUS which permanently runs an
OpenVPN client in Tomato. No problems here.
Port forwarding to other devices on my Fritz network works fine too.