PfSense virtual appliance in AWS connecting to client's Juniper IPSec
My infrastructure is hosted entirely in an AWS VPC. I have both public (10.10.10.0/24) and private (10.10.23.0/24) subnets. In the public subnet I have my web servers, AWS gateway and my pfSense virtual appliance. On my side in the pfSense I'm using 172.16.23.0/24 as a BINAT. I have 3 AWS Security Groups (My-web, My-internal and My-vpn). I have my AWS subnet set to use a route table that routes traffic destined for my client to the pfSense instance, and the network ACL has been set to allow all traffic inbound and outbound.
My client has private subnets of 10.158.159.0/24, 192.168.193.0/24 and 192.168.219.0/24. We successfully configured the IPsec tunnel, and the phase 1 and the three phase 2 tunnels are online. The trouble we're having is that my client cannot get to any servers on my side, and I can't get to any on his.
My understanding is that since I'm using a BINAT, if he wanted to access 10.10.23.37, he should actually use 172.16.23.37. He's tried, and using nmap he can't see any ports open. Going the other way, I'm trying to access his 192.168.219.20 and I can't see any ports open when using nmap.
If I look at the filter logs, I can see my nmap request come in destined for the IP on his side, but I don't see anything else.
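As an added example that is not part of the original post, the Python script below does two things a troubleshooter of this setup would want to see spelled out: it shows the 1:1 host-bit mapping that a BINAT of 10.10.23.0/24 onto 172.16.23.0/24 implies (so 10.10.23.37 is reached as 172.16.23.37 and the reply is translated back), and it audits, against constructed data shaped after what the AWS API reports for a route table and security group, the three AWS-side prerequisites that must hold before the pfSense instance can forward tunnel traffic: the instance's network interface must have source/destination checking disabled (EC2 otherwise drops packets not addressed to the instance itself), the subnet route table must send each remote client subnet to the pfSense network interface, and the security group on the servers must allow ingress from those remote subnets, since BINAT rewrites only the destination. The route entries, the interface id `eni-0example` and the security group CIDR lists are constructed placeholders, not values from the post.

```python
import ipaddress

# Constructed from the figures in the post above.
LOCAL_PRIVATE = ipaddress.ip_network("10.10.23.0/24")   # real private subnet in the VPC
BINAT_NETWORK = ipaddress.ip_network("172.16.23.0/24")  # range the client is told to use
REMOTE_SUBNETS = [ipaddress.ip_network(n) for n in
                  ("10.158.159.0/24", "192.168.193.0/24", "192.168.219.0/24")]


def binat_translate(addr, src_net, dst_net):
    """1:1 network translation: keep the host bits, swap the network prefix."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not inside {src_net}")
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("BINAT needs two networks of equal size")
    host_bits = int(ip) - int(src_net.network_address)
    return str(ipaddress.ip_address(int(dst_net.network_address) + host_bits))


def to_binat(addr):
    """Address the remote side must use for a local private host."""
    return binat_translate(addr, LOCAL_PRIVATE, BINAT_NETWORK)


def from_binat(addr):
    """Real local address behind a BINAT address (what pfSense writes on ingress)."""
    return binat_translate(addr, BINAT_NETWORK, LOCAL_PRIVATE)


def audit_vpn_prerequisites(routes, pfsense_eni_id, source_dest_check, sg_ingress_cidrs):
    """Return a list of findings; an empty list means the AWS-side prerequisites hold.

    routes: list of dicts like the 'Routes' entries of DescribeRouteTables
            (keys DestinationCidrBlock and NetworkInterfaceId / GatewayId).
    source_dest_check: the SourceDestCheck attribute of the pfSense interface.
    sg_ingress_cidrs: CIDR strings allowed inbound by the servers' security group.
    """
    findings = []
    if source_dest_check:
        findings.append("pfSense interface still has source/destination check enabled; "
                        "forwarded tunnel traffic will be dropped by EC2")
    routed = {r["DestinationCidrBlock"]: r.get("NetworkInterfaceId") for r in routes}
    for net in REMOTE_SUBNETS:
        target = routed.get(str(net))
        if target != pfsense_eni_id:
            findings.append(f"route table does not send {net} to {pfsense_eni_id} "
                            f"(found {target})")
    allowed = [ipaddress.ip_network(c) for c in sg_ingress_cidrs]
    for net in REMOTE_SUBNETS:
        if not any(net.subnet_of(a) for a in allowed):
            findings.append(f"security group does not allow ingress from {net}")
    return findings


# Constructed sample data with a hypothetical interface id (not from the post).
PFSENSE_ENI = "eni-0example"
GOOD_ROUTES = [
    {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.158.159.0/24", "NetworkInterfaceId": PFSENSE_ENI},
    {"DestinationCidrBlock": "192.168.193.0/24", "NetworkInterfaceId": PFSENSE_ENI},
    {"DestinationCidrBlock": "192.168.219.0/24", "NetworkInterfaceId": PFSENSE_ENI},
]
BROKEN_ROUTES = GOOD_ROUTES[:3]  # last remote subnet has no route at all


def demo():
    """Run the audit once on a correct and once on a misconfigured sample."""
    ok = audit_vpn_prerequisites(GOOD_ROUTES, PFSENSE_ENI, False,
                                 ["10.158.159.0/24", "192.168.0.0/16"])
    bad = audit_vpn_prerequisites(BROKEN_ROUTES, PFSENSE_ENI, True,
                                  ["10.158.159.0/24"])
    return ok, bad


if __name__ == "__main__":
    print("10.10.23.37 is reached by the client as", to_binat("10.10.23.37"))
    good, broken = demo()
    print("correct sample findings:", good)
    for f in broken:
        print("misconfigured sample:", f)
```

The route and security group data would normally come from `describe_route_tables`, `describe_network_interface_attribute` and `describe_security_groups`; feeding their output into `audit_vpn_prerequisites` is left to the reader so the script stays runnable offline. Note that a green audit only covers the AWS side: the pfSense phase 2 entry still has to carry the BINAT translation, and pfSense IPsec firewall rules still have to permit the client subnets.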