Nat traffic to an address that can communicate through a tunnel

Started by tkrn, February 23, 2024, 02:57:44 PM

I've recently switched over to OPNsense and am loving it. I've come from many years of doing things in Vyatta (and forks of it: VyOS and Ubiquiti) for my firewalls/routers. With that being said, previously I had a tunnel (IPsec) that had my 10.212.5.0/24 network in route through the tunnel on my side. I would NAT all traffic from another interface on a different VLAN (10.212.3.0/24) to a virtual interface on that layer 3 (10.212.5.2); once NATed, it would then go through the tunnel to the other side.

I've made a number of attempts to do this in OPNsense but I feel like I'm fundamentally missing a key concept here so I'm seeking help! Here's my original rule:

VyattaOS Style Configuration
        rule 5003 {
            description "ipsec proxy tunnel"
            destination {
                address 10.218.5.0/24
            }
            log disable
            outbound-interface eth0
            outside-address {
                address 10.212.5.2
            }
            protocol all
            source {
                address 10.212.3.0/24
            }
            type source
        }