> From: "JT" <j dot tarot at tecsas dot fr>
> > I've no control on cisco (1700) routeurs which are managed by the ISP.
> This could be a problem. You will need the cooperation of the ISP.
> > ATM, I've made the base setup so, from the m0n0wall interface, I can
> > ping the ciscos. But no chance from the LANs.
> > I've tried to add a rule that allow all trafic from "SDSL nets" on
> > opt1 interfaces to any... still unsuccessful.
> You need static routes to the Cisco routers for the other LAN. However,
> Cisco routers also need those static routes. It sounds like the Cisco
> routers don't know about any of the 192.X.X.X addresses, so the packets
> there. Try a traceroute, and I bet you fail at the Cisco.
Does your ISP allow you to inject routes into their CPE router via a routing
The standard way for an ISP to propagate customer routes across an MPLS VPN
is by using OSPF/RIP and then propagating them across it's network using
MP-BGP. Unfortunately m0n0wall, afaik, can't do any dynamic routing, but if
the ISP allows it, you might be able to find a cheap router to stick between
the CPE and m0n0wall or use pfSense+zebra or something.
Is this just a simple point to point link? Or are there multiple sites
connected via it?