Traffic through IPSec without NAT
I have a little problem using pfSense as a VPN software appliance on AWS. pfSense connects to an existing remote VPN hardware appliance.
Defined IPSec configuration:
Remote Network: 10.0.0.0/16
Local Network: 192.168.2.0/24
Next to pfSense, the VPC contains some more servers, e.g. 192.168.2.10, which should be accessible through the VPN.
The VPN connection is established successfully. Phases 1 and 2 are working.
When I try to access some services from an instance on the remote side, e.g. HTTP through the VPN with "wget http://192.168.2.10", access is only possible when I enable outbound NAT for source 10.0.0.0/16 on the WAN address. Otherwise, the incoming packets are not delivered or answered.
Is it possible to access services without NAT? For some of the accessible services I need the original requester IP.
After a helpful discussion on IRC (thank you, rawtaz) the problem could be solved.
Generally, I have to add an additional static route for the remote network. Once I created this route, I could deactivate NAT handling completely and it works as expected.
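The following is an added illustration, not code from the original post, of why the static route is what makes the NAT-free setup work: it simulates the reply path of the backend server 192.168.2.10 for a request that arrived over the tunnel. Without outbound NAT the backend sees the real source 10.0.0.x, and unless it has a route for 10.0.0.0/16 via pfSense its reply follows the default route to the VPC router, which has no route to the remote network, so the connection appears to hang. The addresses are assumptions for the example: the VPC router is taken to be 192.168.2.1 and the pfSense VPC-side address 192.168.2.5. On AWS the same route can equally live in the VPC route table pointing at the pfSense instance (with source/destination check disabled on that instance), instead of on each server.

```python
"""Added example (not from the original post): reply-path simulation showing
why 192.168.2.10 needs a static route for the remote network 10.0.0.0/16
once outbound NAT on pfSense is turned off.

All hop addresses below are constructed assumptions for the illustration.
"""
import ipaddress

VPC_ROUTER = "192.168.2.1"     # assumed AWS VPC router (default gateway of the subnet)
PFSENSE_LAN = "192.168.2.5"    # assumed pfSense address on the VPC side
BACKEND = "192.168.2.10"       # backend server from the question
REMOTE_CLIENT = "10.0.0.5"     # assumed requester on the remote 10.0.0.0/16 side

REMOTE_NET = ipaddress.ip_network("10.0.0.0/16")
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def next_hop(routes, dst):
    """Longest-prefix match over a list of (prefix, next_hop) tuples.

    Returns the next-hop address, or None when the destination is directly
    connected. Raises LookupError when no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, hop)
    if best is None:
        raise LookupError(f"no route to {addr}")
    return best[1]


def backend_routes(static_route):
    """Route table of the backend server, with or without the extra static route."""
    routes = [(LOCAL_NET, None), (DEFAULT, VPC_ROUTER)]
    if static_route:
        routes.append((REMOTE_NET, PFSENSE_LAN))  # the route the accepted answer adds
    return routes


def reply_path(nat_on_pfsense, static_route):
    """Simulate the backend's reply to a request that came in over the tunnel.

    Returns (source_seen_by_backend, next_hop_of_reply, reply_reaches_client).
    """
    # With outbound NAT on pfSense the backend sees pfSense as the requester.
    src_seen = PFSENSE_LAN if nat_on_pfsense else REMOTE_CLIENT
    hop = next_hop(backend_routes(static_route), src_seen)
    # Only pfSense holds the IPsec SA for 10.0.0.0/16. The reply gets back to
    # the client only if it is delivered to pfSense directly (NAT case) or
    # forwarded to pfSense by the static route. The VPC router has no route
    # for the remote network and the reply is lost there.
    reaches = (hop is None and src_seen == PFSENSE_LAN) or hop == PFSENSE_LAN
    return src_seen, hop, reaches


if __name__ == "__main__":
    for nat, route in ((True, False), (False, False), (False, True)):
        src, hop, ok = reply_path(nat, route)
        print(f"NAT={nat!s:5} static_route={route!s:5} "
              f"backend sees {src:12} reply via {hop or 'local':12} "
              f"{'OK' if ok else 'LOST'}")
```

Only the last row (no NAT, static route present) both reaches the client and lets the backend log the requester's real 10.0.0.x address, which is the combination the question asked for.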