PfSense virtual appliance in AWS connecting to client's Juniper IPSec

  • My infrastructure is hosted entirely in an AWS VPC.  I have both public ( and private ( subnets.  In the public subnet I have my webservers, AWS gateway and my pfSense virtual appliance. On my side in the pfSense I'm using as a BINAT.  I have 3 AWS Security Groups (My-web, My-internal and My-vpn).  I have my AWS subnet set to use a route table that routes traffic destined for my client to the pfSense instance, and the network ACL has been set to allow all traffic inbound and outbound.

    My client has a private subnet of, &  We successfully configured the IPsec tunnel and the phase 1 and 3x phase 2 tunnels are online.  The trouble we're having is that my client cannot get to any servers on my side, and I can't get to any on his.

    My understanding is that since I'm using a BINAT, if he wanted to access, he should actually use  He's tried and using nmap can't see any ports open.  Going the other way, I'm trying to access his and I can't see any ports open when using nmap.

    If I look at the filter logs, I can see my nmap request come in destined for the IP on his side, but I don't see anything else.
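The BINAT mapping the post relies on (the client reaches an internal host through its translated address, with the host bits preserved) and the resulting phase 2 selector check, as an added illustration that is not part of the original post. All subnets below are constructed placeholders, since the post's real addresses are not on the page; the function and variable names are assumptions of this example.

```python
import ipaddress

# Constructed placeholder subnets (the post's real addresses are not on the page).
INTERNAL_NET = ipaddress.ip_network("10.0.1.0/24")    # private VPC subnet behind pfSense
BINAT_NET = ipaddress.ip_network("192.0.2.0/24")      # BINAT subnet the client is told to use
REMOTE_NETS = [ipaddress.ip_network("172.16.10.0/24"),
               ipaddress.ip_network("172.16.11.0/24")]  # client's subnets behind the Juniper


def binat_map(addr, src_net, dst_net):
    """1:1 BINAT: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("BINAT networks must have equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + host_bits)


def to_binat(internal_addr):
    """Address the remote peer must use to reach an internal host."""
    return binat_map(internal_addr, INTERNAL_NET, BINAT_NET)


def from_binat(binat_addr):
    """Internal host that receives a packet sent to a BINAT address."""
    return binat_map(binat_addr, BINAT_NET, INTERNAL_NET)


def outbound_matches_phase2(src, dst, peer_sees_local, peer_remote):
    """Would an outbound packet from an internal host fit the negotiated phase 2?
    The peer only ever sees the translated address, so the selector it holds
    for our side must be the BINAT subnet, not the internal subnet."""
    translated_src = to_binat(src)
    return (translated_src in ipaddress.ip_network(peer_sees_local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(peer_remote))


def reachable_remote(dst):
    """Is dst inside one of the client's subnets covered by a phase 2 entry?"""
    return any(ipaddress.ip_address(dst) in net for net in REMOTE_NETS)
```

Running `outbound_matches_phase2` with the internal subnet as the peer-side selector shows the mismatch that leaves a tunnel "up" yet carrying no traffic.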