I've been blocked by the forum for a day, being my first day after registration.
Thanks. Yes, it was the Windows firewall. After opening the firewall, host2 => host1 was successful. And both the destination MAC by the reply as sent by host1 as well as the senders MAC shown in tcpdump on the inner router are the one of the outer router, so indeed there is asymmetric routing.
So there still is a routing problem, IMHO caused by missing RAs. Whether solving it also solves the problem with internet pings is a different question indeed, as the outer router apparently knows what to do with the reply packet even though noone else in this net knows.
Since prefixes delegated to subnet routers by DHCPv6 are dynamic in nature, I think it should send RAs for the prefixes it routes. If not, how can anyone but the DHCPv6 server itself know the proper routing? Having asymmetric routing forever cannot be the solution.
Things were a bit different in IPv4, where delegations were static in nature, and proper routing relied on manual configuration or separate routing protocols.
It is exactly the same in ipv4.
Host1 has default gw to fb6490 only, unless you add a static route for the network behind fb4040. You can add a static route in ipv6 too if you want to avoid this little asymmetry.
The /56 address provided by the ISP for private internet access is dynamic, though it doesn't change often. This makes static network addresses and prefixes a problem. In IPv4 this is solved by NAT, but IPv6 should not need NAT.
There are ULA addresses (the private addresses in IPv6).
You can also try to send out RAs in the lan of fb6490, multiple routers are allowed in ipv6, but I have never done it.