Hello, I have the tunnels running and it's OK.
I made some changes to my original schema.
I have turned on the 'advanced NAT' setting in order to (I think) deactivate
NAT on WAN.
I replaced the LAN interfaces with WAN interfaces (as Chris hinted) and set
the WAN GW to the Ciscos' IPs.
I set up three tunnels as stated in the IPsec chapter of the m0n0 docbook,
and changed the tunnels' endpoints to WAN.
Now I can access any host in any network, between all the hosts, and can
filter the traffic between networks with the fw rules.
> Laptop (10.1.1.x/24 via dhcp on m0n01)
> |opt1 (10.1.1.0/24)
> cisco router 1
> |pointtopoint line
> cisco router 2
> |opt1 (10.1.2.0/24)
> Laptop (10.1.2.x/24 via dhcp on m0n02)