I am terribly sorry: I forgot I had copied some apache2 VH config that was intended to redirect to the https version of the site and that was causing problems. Clients were successfully connecting to the apache server, which unfortunately was redirecting to the https://192.168.1.199 address and that's why I couln't figure out why external clients were going to https://192.168.1.199. I am terribly sorry for having wasted your time.
However, the NAT loopback problem persists: if I am within LAN/VPN and I try to go to https://xxx.xyz.com I get the router's login page.
It seems that the only solution would be to ask my ISP for a static IP address, which would solve entirely the problem, right? Or is there some way I could fix this with a router that is incapable of nat loopback?