Feature #9230
closed
The ability to port forward across an IPSEC site to site vpn
0%
Description
In my environment, I have a 7100 in a colo, and it is attached to a remote office via a site-to-site ipsec vpn link.
In the office, I have a mailserver, and I wish to allow traffic to flow to that mail server across the vpn link. Here is a very simple diagram:
internet -> colo firewall -> ipsec vpn link -> office firewall -> lan -> mailserver
Ideally, I'd like this to function as a 1:1 nat, as though it would without the ipsec link, so that all traffic into and out of that mailserver goes over a dedicated IP at the colo. It seems like it would work, so I tried it and the traffic wouldn't flow. I asked support about it, and they said that it was unsupported.
This is fairly high priority for us, as due to an unanticipated network change we've been forced to adopt this architecture, and this mail server is down until we can sort out how to get mail to flow to it.