Virtual ip not accessible by ipsec
I'm using pfsense version 2.3.2
My setup, I have 3 internal (LAN) networks and a ipsec (roard warrier) setup ending in LAN2 , from that tunnel I want to acces only 1 device from LAN3 (I don't want to add a phase 2 to the complete network) so I setup a virtual IP (IP alias) in LAN2 with a 1:1 NAT to that device, internally it works fine, but from the IPSEC client the virtaul IP (IP Alias) is not accessible.
LAN 2 has a subnet of 192.168.4.0/24
LAN 3 has a subnet of 192.168.11.0/24
Device on LAN 3 has IP 192.168.11.1
IP Alias - Interface: LAN 2 - Address: 192.168.4.23/24
IPSec Phase 2: Local network: 192.168.4.0/24
LAN 1 has full access to LAN 2 and LAN3
LAN 2 has full access to LAN 3
Test from LAN 1 access IP 192.168.4.23 ends up to 192.168.11.1 (NAT) so that works fine.
Test from IPSEC client IP 192.168.4.23 ends up nowhere, not accessible, all other devices on 192.168.4.0/24 are accessible