For my ATC lab setups I just use Vyatta as the Border-Router which is very simple to set up with some static routing & masquerade NAT to permit Internet access. Run a packet capture on the external interface of Border-Router, are the pings sent by the gateway actually leaving the outside interface of Border-Router? (probably) Are they NATted correctly? (probably not) For successful pings initiated from behind A-GW what NAT address are those networks hiding behind? What happens if you hide them behind the gateway's 203.0.113.1 address instead?
My guess is that you have left the Install On field of your NAT rules at "Any" and not confined them to a single gateway, and both A-GW and Border-Router are attempting to execute each other's NAT rules inappropriately.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com